Applications & password aging

From: Doug O'Leary (dkoleary_at_olearycomputers.com)
Date: 09/01/04


Date: Wed, 01 Sep 2004 16:15:00 GMT

Hey, all;

I'm looking for a clever idea. I'm at a client that, historically,
has had an incredibly relaxed security profile. Now, thanks to
Sarbanes-Oxley, they're having to tighten that up quite a bit.

They have a number of HP systems which users access through applications
run from their Windows desktops. As I understand it, these applications
simply telnet to the systems, log in, then interact with the system.

I have been told that the applications will simply fail to log in with an
appropriately obtuse error message if the system prompts for a password
change. I haven't had a chance to verify this, but, I can believe it.

I've also been told that the client has talked to the vendor to no
avail; apparently the vendor is unable/unwilling to update their
application to understand the need for password changes.

The only thing I can think of is to ensure users get emails when their
passwords are about to expire, provide them with a tool (preferably
ssh) to manually log into the system, and the training to change
their passwords. As you might imagine, this is not going to be a pretty
implementation.

Other than a massive user training effort to understand the need
and procedure for periodically changing passwords, does anyone have
any clever ideas on how to merge seemingly mutually exclusive
requirements?

Thanks for any hints/tips/suggestions.

Doug

-- 
--------
Senior UNIX Admin
O'Leary Computer Enterprises
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
resume:  http://www.olearycomputers.com/resume.html
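
The notification idea raised in the post, sketched as an added example that is not part of the original message: a shell function that lists accounts whose passwords expire within the warning window, so users can be mailed before the telnet-driven application meets a change prompt. It assumes aging data is available in shadow(4) format; `expiring_accounts`, `sample_shadow` and the sample accounts are hypothetical names constructed for illustration.

```shell
#!/bin/sh
# Assumed input format (shadow(4)):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is in days since 1970-01-01; max is the maximum password age in days.

# expiring_accounts TODAY DEFAULT_WARN < shadow-format-lines
# Prints "name days_left" for every account that should be notified.
# Zero or negative days_left means the next login will demand a change,
# which is the case the application is reported to fail on.
expiring_accounts() {
    awk -F: -v today="$1" -v defwarn="$2" '
        # Locked or passwordless service accounts: nothing to notify
        $2 == "" || $2 ~ /^[*!]/ { next }
        # No aging configured (empty, negative or 99999 maximum age)
        $5 == "" || $5 < 0 || $5 >= 99999 { next }
        # Last-change date missing: expiry cannot be computed
        $3 == "" { next }
        {
            # Per-account warning period, else the site default
            warn = ($6 == "" ? defwarn : $6) + 0
            left = ($3 + $5) - today
            # lastchg of 0 forces a change at the next login
            if ($3 == 0) left = 0
            if (left <= warn) print $1, left
        }'
}

# Constructed sample data, not taken from any real system.
sample_shadow() {
    cat <<'EOF'
alice:HASH:12610:0:60:7:::
bob:HASH:12605:0:60:7:::
carol:HASH:12590:0:60::::
dave:HASH:12000:0:99999:7:::
daemon:*:12000:0:60:7:::
erin:HASH:0:0:60:7:::
EOF
}

# Example run with day 12662 (2004-09-01) and a 14-day default warning:
#   sample_shadow | expiring_accounts 12662 14
```

Run from cron, the output can be fed to the site's mailer for upcoming expiries, while the zero and negative entries identify users who are already locked out of the application.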

