On Thu, Feb 14, 2013 at 10:02 AM, Dag Wieers <[email protected]> wrote: > Hi, > > Another interesting recommendation from security is that all granted access > (that is exceptional, rather than permanent) should be limited in time from > the onset. > > If this is not possible all granted access needs to be documented and > revised regularly. However a system that would automatically revoke access > after a certain period is preferred from a security/administrative > perspective. (Period to be defined when granting access) > > This would mean that e.g. sudo-rules, group memberships, etc. could have due > dates and that IPA ensures that these rights are revoked in due time. > > So I was wondering whether this is something that was already discussed as a > feature for IPA ?
+1 -- groet, natxo _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
