Educause Security Discussion mailing list archives
Re: Active Directory Password Strength
From: Graham Toal <gtoal () UTPA EDU>
Date: Wed, 16 Nov 2005 11:00:30 -0600
From: Cary, Kim [mailto:Kim.Cary () PEPPERDINE EDU]
The problem we've had in the past (NT4 Domain) is that some 'domain accounts' do not show up as having logged in (from the domain admins POV) because they never log in to the domain directly. They are quite active with LDAP binds, Exchange POP logins, etc. which are back ended to the domain. While the Domain 'bad attempt lockout' policy applies to these various logins, admins could not find a central place to see 'account activity'. Is there a central place under AD where you can find that a successful authentication has taken place from ANY client against the domain credentials?
A related problem: in Oracle, there is a web-based interface to various facilities, but you can also access mail via standard mechanisms such as IMAP. If you never use the web-based interface (collab suite) then you never see the messages warning you that your password is about to expire or that your password *has* expired and you should now change it. Instead your email simply stops working and generates a call to the help desk. The larger the site, the more people who don't use the web interface, and the more helpdesk calls are generated for something that users should have taken care of themselves. The risk from this is that the easiest fix is simply to disable password expiry. Graham
Current thread:
- Active Directory Password Strength Cary, Kim (Nov 14)
- <Possible follow-ups>
- Re: Active Directory Password Strength Tim Howard (Nov 14)
- Re: Active Directory Password Strength Stewart, Ian (Nov 14)
- Re: Active Directory Password Strength Lucas, Bryan (Nov 14)
- Re: Active Directory Password Strength Bradley Ellis (Nov 14)
- Re: Active Directory Password Strength Graham Toal (Nov 15)
- Re: Active Directory Password Strength Russell Fulton (Nov 15)
- Re: Active Directory Password Strength Cary, Kim (Nov 16)
- Re: Active Directory Password Strength Graham Toal (Nov 16)
- Re: Active Directory Password Strength Eric Brewer (Nov 16)
- Re: Active Directory Password Strength Riedl, Steve Thomas (Nov 17)
- Re: Active Directory Password Strength Russell Fulton (Nov 25)