A security best practice is to never delete users and groups because you don't know what ACLs they might be listed on. The same is true for Kerberos principal names. You can disable the issuance of tickets but do not remove them from the database.
On Thursday, July 26, 2012 4:48:31 PM, Edgecombe, Jason wrote: > Hi everyone, > > > > How do other sites deal with groups after users are deleted? How do > you expire groups that own other groups? Are there pre-existing > scripts for doing this? > > > > Thanks, > > Jason > > > > --------------------------------------------------------------------------- > > Jason Edgecombe *| *Linux and Solaris Administrator > > UNC Charlotte *| *The William States Lee College of Engineering > > 9201 University City Blvd. *| *Charlotte, NC 28223-0001 > > Phone: 704-687-3514 > > [email protected] <mailto:[email protected]> *| *http://coe.uncc.edu > <http://coe.uncc.edu/> | Description: facebook-logo > <https://www.facebook.com/UNCCEngr> Facebook > <https://www.facebook.com/UNCCEngr> > > --------------------------------------------------------------------------- > > If you are not the intended recipient of this transmission or a person > responsible for delivering it to the intended recipient, any > disclosure, copying, distribution, or other use of any of the > information in this transmission is strictly prohibited. If you have > received this transmission in error, please notify me immediately by > reply e-mail or by telephone at 704-687-3514. Thank you. > > >
signature.asc
Description: OpenPGP digital signature
