Educause Security Discussion mailing list archives
Re: Administrative account access control
From: Anthony Schroeder <aschroeder () GW HAMLINE EDU>
Date: Mon, 26 Jan 2004 09:05:20 -0600
i don't want to start a NOS war, but the answer is don't get rid of the netware systems. we have roughly 35 intel servers (netware and active directory) and about 8 solaris machines, as well as quite a few cisco switches that are all administered by 3 people. nds runs the whole thing...we have an automatic import process from our HR/student record system that creates the accounts as the person is hired/admitted to school, and disables the account as they leave. we use netware as our file/print we have connectors to active directory and NIS that provides account information to the other systems (including passwords/etc). we use cisco's access control server that pulls the authentication information from NDS to allow certain people to log in with different priveledges to the switches - the person logs in as himself, rather than a generic administrative user novell is coming out with some web-based self-password administration mechanism (to handle forgotten passwords, etc). it all works pretty slick. anthony.
STEVE () BUMAIL BRADLEY EDU 1/23/2004 1:22:05 PM >>>
We have about 30 servers and large numbers of routers and switches that are administrated by roughly a dozen people. Naturally, we want a high secure environment for administrative access. All these devices have different, difficult passwords. It is not impossible to remember all the passwords. Also, we want to avoid the situation where we can't fix a problem because no one is around who knows a particular password. I have been looking for solutions to provide secure access to administer resources, provide a log of access, allow us to grant or restrict access quickly and easily, etc. I've been talking to Priva Technologies, but wonder if others have this same problem and what they have done to address it. What vendor solutions are available? Our environment is CISCO network, and VPN. We have a Sun1 LDAP system and also use Active Directory. We have some Netware, but it is on the way out. Thanks for any insights you can provide, Steve Patrick, Bradley University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Administrative account access control Patrick, Stephen (Jan 23)
- <Possible follow-ups>
- Re: Administrative account access control Anthony Schroeder (Jan 26)
- Re: Administrative account access control Niedens, Travis (Jan 26)