Although we do not use the Transarc password expiration feature, we
force all users to change their passwords twice a year. We post
news and email everyone and give them 1 month to change their
password. After a month we disable accounts who have not made the
change. This way we weed out accounts that are not used.
We do use the AFS history mechanism which will not allow a user
to use their last 20 passwords. If users complain, you indicate
(the truth) that it is a security matter and it is for their own
benefit. You need to convince management so they are on your side.
I don't know how anyone can argue against a strong security policy.
Kim Jaeyoung wrote:
>
> Hi, I'm running about 2000 AFS users here in POSTECH, Korea.
>
> Currently, a big headache for me is 'password expiration policy'.
> We have a 6-month password expiration policy for every AFS user, that is,
> users should change their password at least once within 6 months. However,
> users constantly complain about it. So, I'm very curious how other AFS
> sites do on this policy.
>
> . Do you have a password expiration policy? Why? or Why not?
>
> . How long do you restrict the password lifetime? What is the best
> appropriate lifetime do you think?
>
> . How do you ease the complaints from many users on the policy?
>
> Thanks for any comments and answers. Bye.
>
> --
> ============================================================================
> __/\__ ** Remember Yesterday, Dream about Tomorrow, but ... LIVE TODAY !!!
> \ /\ / -------------------------------------------------------------------
> /_\/_\ ** [EMAIL PROTECTED] http://www.postech.ac.kr/~jay
> \/ ** Jaeyoung Kim Dept. of Computer Science, POSTECH, KOREA
--
John W. Sopko University of North Carolina
[EMAIL PROTECTED] Computer Science Dept.; CB3175
Phone: 919-962-1844 Sitterson Hall; Room 135
Fax: 919-962-1799 Chapel Hill, NC 27599