Another interesting recommendation from security is that all granted
access (that is exceptional, rather than permanent) should be limited in
time from the onset.
If this is not possible all granted access needs to be documented and
revised regularly. However a system that would automatically revoke access
after a certain period is preferred from a security/administrative
perspective. (Period to be defined when granting access)
This would mean that e.g. sudo-rules, group memberships, etc. could have
due dates and that IPA ensures that these rights are revoked in due time.
So I was wondering whether this is something that was already discussed as
a feature for IPA ?
-- dag wieers, d...@wieers.com, http://dag.wieers.com/
-- dagit linux solutions, i...@dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
Freeipa-users mailing list