On Thu, Feb 14, 2013 at 10:02 AM, Dag Wieers <d...@wieers.com> wrote:
> Hi,
>
> Another interesting recommendation from security is that all granted access
> (that is exceptional, rather than permanent) should be limited in time from
> the onset.
>
> If this is not possible all granted access needs to be documented and
> revised regularly. However a system that would automatically revoke access
> after a certain period is preferred from a security/administrative
> perspective. (Period to be defined when granting access)
>
> This would mean that e.g. sudo-rules, group memberships, etc. could have due
> dates and that IPA ensures that these rights are revoked in due time.
>
> So I was wondering whether this is something that was already discussed as a
> feature for IPA ?

+1

-- 
groet,
natxo

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to