4 Jan
2012
4 Jan
'12
4:03 a.m.
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at 10:58:35PM -0600 Quoting Jimmy Hess (mysidia@gmail.com):
Manual forced immediate password expiration should be in the security admin's toolbox as a possible response to observation of questionable or potentially remotely suspicious activity on a system that user had been logged into recently.
Indeed. If doubt arises, just change. Have been on the fringe of a kdc compromise. 10000 students and faculty were required to show up in person and change on approved terminals. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Wow! Look!! A stray meatball!! Let's interview it!