[Freeipa-users] Granting rights temporarily
Dag Wieers
dag at wieers.com
Thu Feb 14 09:02:56 UTC 2013
Hi,
Another interesting recommendation from security is that all granted
access (that is exceptional, rather than permanent) should be limited in
time from the onset.
If this is not possible all granted access needs to be documented and
revised regularly. However a system that would automatically revoke access
after a certain period is preferred from a security/administrative
perspective. (Period to be defined when granting access)
This would mean that e.g. sudo-rules, group memberships, etc. could have
due dates and that IPA ensures that these rights are revoked in due time.
So I was wondering whether this is something that was already discussed as
a feature for IPA ?
--
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
More information about the Freeipa-users
mailing list