[148127] in North American Network Operators' Group
Re: AD and enforced password policies
daemon@ATHENA.MIT.EDU (=?utf-8?B?TcOlbnM=?= Nilsson)
Wed Jan 4 04:04:23 2012
Date: Wed, 4 Jan 2012 10:03:28 +0100
From: =?utf-8?B?TcOlbnM=?= Nilsson <mansaxel@besserwisser.org>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbV+xNzhtGkSB=9uYky2AAHwErtCkcsTTYRe-Z18mV=GFQ@mail.gmail.com>
Cc: "Nanog@nanog.org" <Nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--zu8lIfFVzXMVnfzp
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at 1=
0:58:35PM -0600 Quoting Jimmy Hess (mysidia@gmail.com):
=20
> Manual forced immediate password expiration should be in the security
> admin's toolbox as a possible response to observation of questionable or
> potentially remotely suspicious activity on a system that user had been
> logged into recently.
Indeed. If doubt arises, just change. Have been on the fringe of a kdc
compromise. 10000 students and faculty were required to show up in person
and change on approved terminals.
--=20
M=C3=A5ns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Wow! Look!! A stray meatball!! Let's interview it!
--zu8lIfFVzXMVnfzp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk8EFd8ACgkQ02/pMZDM1cUFxACaA2K0JItYRS0rL6D+IB8o7dxi
NZwAnRnV1aoD/OYy7PQIpEZ4qrKgXeer
=WgN/
-----END PGP SIGNATURE-----
--zu8lIfFVzXMVnfzp--
