On Thu, Feb 14, 2013 at 10:02 AM, Dag Wieers <d...@wieers.com> wrote:
> Hi,
> Another interesting recommendation from security is that all granted access
> (that is exceptional, rather than permanent) should be limited in time from
> the onset.
> If this is not possible all granted access needs to be documented and
> revised regularly. However a system that would automatically revoke access
> after a certain period is preferred from a security/administrative
> perspective. (Period to be defined when granting access)
> This would mean that e.g. sudo-rules, group memberships, etc. could have due
> dates and that IPA ensures that these rights are revoked in due time.
> So I was wondering whether this is something that was already discussed as a
> feature for IPA ?



Freeipa-users mailing list

Reply via email to