What about the use of a token based product, such as RSA SecurID?
Each token can be used only once, meeting the requirement for
auditable non-static passwords.
http://www.rsasecurity.com/products/securid/datasheets/SIDMS_DS_0504.pdf
Regards,
J
List info : http://www.activedir.org/List.aspx
that. If you can get it to work
at all, theres still the problem of the single point of failure.
Wook
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, January 05, 2006
3:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User
Password Expiration
Hello Everyone,
I have an application that allows different users to reset a
special domain account that allows for RDP sessions to be established on
thousands of machines on a domain. These usernames have a policy that
forces the password to expire within 2 minutes. If the password has
Basically, you want them to have aone-time-use password? Is that correct?
That's interesting. I haven't seen anything like that, but I imagine that's something that allows an outside vendor to have remote access to do something they need to do, but for security reasons you wouldn't want them to
] User Password Expiration
Basically, you want them to have aone-time-use password? Is
that correct?
That's interesting. I haven't seen anything like that, but I imagine
that's something that allows an outside vendor to have remote access to do
something they need to do, but for security reasons
@mail.activedir.orgSubject: Re: [ActiveDir] User Password
Expiration
Basically, you want them to have aone-time-use password? Is
that correct?
That's interesting. I haven't seen anything like that, but I imagine
that's something that allows an outside vendor to have remote access to do
something
?
Thanks,
Edwin
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of joe
Sent: Thursday, January 05, 2006
10:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User
Password Expiration
If the whole goal is to disallow access to
other machines and it has
@mail.activedir.orgSubject: RE: [ActiveDir] User Password Expiration
If the whole goal is to disallow access to other machines and it has to be enforced, I would not use a domain ID. I would work with local IDs on the specific machines, these IDs should not be the same as the IDs on other machines
ovide some
direction?
Thanks,
Edwin
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: Thursday, January 05, 2006 10:17
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] User Password
Expiration
If the whole goal is to
disallow access to other machines
From: [EMAIL PROTECTED] on behalf of joe
Sent: Thu 1/5/2006 3:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User Password Expiration
The logon script could do it directly, but to do so means that the userid has
the ability to modify its own pwdLastSet value and a bright
were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Edwin
Sent: Thu 1/5/2006 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User Password Expiration
No. That is not what is happening.
I work for a web hosting
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, January 05, 2006 9:39 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User Password Expiration
The way I understand his requirement (RE: I want
12 matches
Mail list logo