Educause Security Discussion mailing list archives

Re: Password policy publication

From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Wed, 29 Oct 2008 10:02:45 -0400

Valdis Kletnieks wrote:

And then there's the even more numerous sites that try to set up account
locking, but fail to do it for *every* place.  Sure, your Windows boxes and
Active Directory may do locking - but did you check *every* web app that
does authentication to make sure it does it as well?  Your webmail server?
Those 5 creeping horror applications that Student Billing runs to let
students look at their bills online?  And so on...


Overheard in almost every Unix machine room at some point or another:

"Hey, how long has this LDAP-authenticating machine been running XDMCP?"

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

Current thread:

Re: Password policy publication, (continued)
- Re: Password policy publication Roger Safian (Oct 27)
- Re: Password policy publication Allison Dolan (Oct 27)
- Re: Password policy publication Valdis Kletnieks (Oct 27)
- Re: Password policy publication Shalla, Kevin (Oct 28)
- Re: Password policy publication Adam Nave (Oct 28)
- Re: Password policy publication Roger Safian (Oct 28)
- Re: Password policy publication Shalla, Kevin (Oct 28)
- Re: Password policy publication Valdis Kletnieks (Oct 28)
- Re: Password policy publication Steven Alexander (Oct 28)
- Re: Password policy publication Roger Safian (Oct 28)
- Re: Password policy publication Matthew Gracie (Oct 29)