[no subject]

["Tupker, Mike" <mtupker () MTMERCY EDU>]

Thanks for all the responses so far. How do you handle password reset requests from applicants? Since they are in the 
application process and don't have ID's yet or some way of identifying themselves in the database, I would think it 
would be hard to provide adequate proof of a applicants identity. Maybe I'll leave that up to the person who has to 
rewrite the provisioning software.

Regardless of how the password reset requests are handled, our one helpdesk person will likely be overloaded by the 
applicants needing login help.

Mike Tupker
Systems Administrator
Mount Mercy College

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, 
Mike
Sent: Wednesday, July 01, 2009 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Hello,

A situation has developed where a project lead/developer and a few departments are saying we need to give active 
directory accounts and email accounts to applicants. I was wondering if other schools give active directory and or 
email accounts to applicants?

The situation scares me to be honest. None of the details have been worked out that I know of, but the idea of giving 
email accounts to anyone who fills out a form online seems like a bad idea. It may be possible to lock down AD enough, 
but it still sounds like we are saying "Sign this internet form and get a login to our network. Have fun elevating 
privileges and sending spam!" I may be being paranoid about this but I wanted to get some of the community's thoughts 
on this. If I'm just being paranoid, feel free to say so. :)

Oh, and we also use google apps for our student email. It appears that the google apps for edu agreement does allow for 
giving account to non-students if desired.

Mike Tupker
Systems Administrator
Mount Mercy College