Another interesting recommendation from security is that all granted access (that is exceptional, rather than permanent) should be limited in time from the onset.

If this is not possible all granted access needs to be documented and revised regularly. However a system that would automatically revoke access after a certain period is preferred from a security/administrative perspective. (Period to be defined when granting access)

This would mean that e.g. sudo-rules, group memberships, etc. could have due dates and that IPA ensures that these rights are revoked in due time.

So I was wondering whether this is something that was already discussed as a feature for IPA ?

-- dag wieers, d...@wieers.com, http://dag.wieers.com/
-- dagit linux solutions, i...@dagit.net, http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]

Freeipa-users mailing list

Reply via email to