On 07/ 6/11 11:18 AM, James Kissler wrote:
> Aaron, I can understand where you are coming from. I have a good number of Sunrays deployed. We require the use of smartcard and pin for authentication on both PCs and Sunrays (used for terminal services). This is a hard requirement for all users, with the exception of admin personnel, the only people to use OVDC. It would be nice to be able to enforce smartcard authentication for physical clients while allowing a more liberal access policy for OVDC connections.

How would you prevent a random person from running OVDC, and thus circumventing your hard security policies regarding smartcard use?

There's always a tension between security and convenience; you need to choose your comfortable balance point and pursue consistent and compatible policies throughout your enterprise. The most convenient policy is to not use passwords for users, but that's not very secure...

-Bob

P.S. 25 years ago I was a network admin (and developer :-) ) at a company where the policy was "no root passwords", to make our job simpler when dealing with unattended workstations which were causing problems (it only took one misconfigured or broken machine to bring the entire corporate network down). Ah, the halcyon days of innocent trust :-). Things are certainly less convenient today.
