User permission
in [Solaris]
|
Prev: M3000
Next: Global name space
From: Richard B. Gilbert on 11 Jul 2010 20:57 Cydrome Leader wrote: > Andrew Gabriel <andrew(a)cucumber.demon.co.uk> wrote: >> In article <bq2_n.10294$0A5.3801(a)newsfe22.iad>, >> harryooopotter(a)hotmail.co_ (Harry) writes: >>> Freddy wrote... >>> [...] >>>>> A01 .User cannot change his passwd >>>>> A02. The passwd never expires >>>> but how to meet the first condition....??? >>> [...] >>> >>> Why do you need this ? >>> >>> I could see anyonance on user's perspective; >>> and security issue on sysadmin's perspective. >> I can't think why you'd want to do this either, but as I said >> before, it tells you exactly how to do it on the man page. >> I even worked somewhere which used it too. They also forced >> everyone to change their password monthly. They thought they >> were so secure. Of course, everyone's current passwd will be >> some varient of July2010 at the moment, but people who write > > Haha It's really not that funny. Too many places have really ham handed security policies. Too much security is almost worse than none! When the security policy and procedures are so onerous that people actively look for ways to evade the restrictions, something is very wrong. Require twice daily password changes and you'll get passwords like wednesam and thursdypm! If you REALLY need mongo security, there are gadgets that can identify a finger print, or schemes using "something you have (magnetic card) and something you know (PIN)". I believe that there are devices that can recognize a finger print. Most employers are satisfied with reasonably standard login procedures.
From: Doug McIntyre on 11 Jul 2010 23:53 "Richard B. Gilbert" <rgilbert88(a)comcast.net> writes: >It's really not that funny. Too many places have really ham handed >security policies. Too much security is almost worse than none! >When the security policy and procedures are so onerous that people >actively look for ways to evade the restrictions, something is very wrong. Regulatory compliance can drive this as well. PCI is the most strident, and requires 90 day password rotation for systems dealing with protected credit card data and all infrastructure supporting such. Most often applied as this being the whole network anyway. >If you REALLY need mongo security, there are gadgets that can identify a >finger print, or schemes using "something you have (magnetic card) and >something you know (PIN)". I believe that there are devices that can >recognize a finger print. Most employers are satisfied with reasonably >standard login procedures. And again, PCI requires two-factor authentication for remote VPN access.. I don't know of many enterprises doing biometric (ie. fingerprint) access as part of the two-factor authentication, but RSA dongles and certificates are certainly in wide-spread usage. Of course all this doesn't prevent the biggest processors of credit-card data from doing the dumbest things possible, like storing all credit-card data swipes from day-one in some unprotected database.
From: Barry on 12 Jul 2010 02:27 On Fri, 9 Jul 2010 09:30:22 -0700 (PDT), Freddy <hclranjith(a)gmail.com> wrote: >Hi All, > > Can anybody pls help me to create a user in solaris/hp-ux with the >following conditions, with out using RBAC or SUDO . > > 1 .User cannot change his passwd > 2. The passwd never expires man useradd. > >Thank You, >Regards, >Freddy.
From: Freddy on 12 Jul 2010 15:28
On Jul 12, 11:27 am, Barry <god_freee_jo...(a)hotmail.com> wrote: > On Fri, 9 Jul 2010 09:30:22 -0700 (PDT), Freddy <hclranj...(a)gmail.com> > wrote: > > >Hi All, > > > Can anybody pls help me to create a user in solaris/hp-ux with the > >following conditions, with out using RBAC or SUDO . > > > 1 .User cannot change his passwd > > 2. The passwd never expires > > man useradd. > > > > >Thank You, > >Regards, > >Freddy. Can u pls let me know how its possible using useradd...? Freddy |