If you (or whatever sales guy) want to put YOUR OWN account at risk by using an insecure password, and not changing it periodically; go ahead. If you want to put MY money (or the owners of the company's) at risk for the convenience of a clueless sales guy, I'm taking my money & business elsewhere. How much is the convenience of not changing his password worth to him? At the very least, I would document very thoroughly my objections, including having him explicitly sign off on the plan, before implementing something like that.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, September 19, 2006 10:30 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP Let's put it this way, sales department make money , IT department spends it :( :( :( That's their point of view anyway...and I still don't have a good answer to why Citibank don't force you to change your password, and they offer web based ...? Thanks for your email -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, September 19, 2006 12:10 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP I have been involved in externally facing Microsoft sponsored extranet/Sharepoint sites. The password gets changed. We have a GUI web portal and we are forced to change the password. Sales people set your security policy these days? Ramon Linan wrote: > HI, > > I have a SharePoint site for a client, it is driving me crazy because > the sales people are telling me that the users for this site, cant > have their password expiring. The client is a government agency, so I > don't want to be responsible for any information being stolen. > > How big of a security risk is not having password expiring? it seems > to me like security 101, but the sales guy is saying that banks don't > ask you to change your password every X day, good point. > > > Something I was thinking is having SharePoint authenticating with > their LDAP server, is this possible to do? can anybody point to a url > on how to do this? > > thanks > > Rezuma -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
