Educause Security Discussion mailing list archives
Re: AD self service password reset ?
From: Rich Graves <rgraves () CARLETON EDU>
Date: Thu, 17 Mar 2011 11:16:05 -0500
We seriously considering SpecOps Password Reset (plus Password Policy, providing per-group or per-ou password filtering) to replace legacy homegrown code. Sample customers: google "Self Service Reset Password Management - Password Reset" I'd be very interested to hear positive or negative reviews. Potential negatives: All application logic runs as a service on the domain controller. This is good because a compromise of the public-facing web server gives the attacker nothing (other than ability to monkey with subsequent users of the web server). But the security and upgrade compatibility risk may be higher than it would be for a system that left the decision-making to an application server, which would use 100% Microsoft protocols to reset passwords. It's only been out since 2008, and there don't seem to be a huge number of customers... though there are upsides to a product with no pre-2008 legacy. Help desk interface requires Integrated Windows Authentication, so no Macs... though Safari NTLM might work. We'll have to test. -- Rich Graves http://claimid.com/rcgraves Carleton.edu Sr UNIX and Security Admin CMC135: 507-222-7079 Cell: 952-292-6529
Current thread:
- Re: Firewall replacement, (continued)
- Re: Firewall replacement Dexter Caldwell (Mar 07)
- Re: Firewall replacement King, Ronald A. (Mar 07)
- Re: Firewall replacement Jeff Kell (Mar 07)
- Re: AD self service password reset ? Russ Leathe (Mar 07)
- Re: AD self service password reset ? Gallese, Brady T. (Mar 07)
- Re: AD self service password reset ? Chris Green (Mar 07)
- Re: AD self service password reset ? Francis, Greg (Mar 16)
- Re: AD self service password reset ? Rich Graves (Mar 17)