[brlug-general] Active Directory Mandated at LSU

Dustin Puryear dustin at puryear-it.com
Mon Oct 1 09:50:41 CDT 2007 

That's what this is about? Looks not only straight-forward, but like
something they should have done sooner to me.

--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author, "Best Practices for Managing Linux and UNIX Servers"
  http://www.puryear-it.com/pubs/linux-unix-best-practices

Identity Management, LDAP, and Linux Integration


worms wrote:
> http://appl003.lsu.edu/itsweb/securityweb.nsf/$Content/LSU/$file/letter.pdf
> 
> On 9/27/07, Dustin Puryear <dustin at puryear-it.com> wrote:
>> If you are part of AD, then you are subject to a Domain Admin, period.
>> Now, if they are establishing various trust relationships then things
>> are different. Since we don't know how any of this is being implemented,
>> it's next to impossible to really know one way or the other. :)
>>
>> --
>> Puryear Information Technology, LLC
>> Baton Rouge, LA * 225-706-8414
>> http://www.puryear-it.com
>>
>> Author, "Best Practices for Managing Linux and UNIX Servers"
>>   http://www.puryear-it.com/pubs/linux-unix-best-practices
>>
>> Identity Management, LDAP, and Linux Integration
>>
>>
>> Andrew Baudouin wrote:
>>> He's talking about the fact that IT has promised the department admins
>>> the ability to lock IT out of their servers.
>>>
>>> Nothing to see here, move along.
>>>
>>> On 9/27/07, * Dustin Puryear* <dustin at puryear-it.com
>>> <mailto:dustin at puryear-it.com>> wrote:
>>>
>>>     Honestly, I don't know what you mean by "AD lockout". :)
>>>
>>>     --
>>>     Puryear Information Technology, LLC
>>>     Baton Rouge, LA * 225-706-8414
>>>     http://www.puryear-it.com
>>>
>>>     Author, "Best Practices for Managing Linux and UNIX Servers"
>>>       http://www.puryear-it.com/pubs/linux-unix-best-practices
>>>
>>>     Identity Management, LDAP, and Linux Integration
>>>
>>>
>>>     willhill wrote:
>>>     > The problems is that people like you are already running ADs of
>>>     their own and
>>>     > think they are doing a better job than IT will.  I've gotten
>>>     conflicting
>>>     > reports of how much control this will actually give the IT
>>>     people.  IT claims
>>>     > they will let you lock them out and there's no way around that
>>>     lock out.
>>>     > Others have their doubts.  These people know their machines and their
>>>     > department needs much better than the IT people do, so I can
>>>     understand their
>>>     > suspicion and fear.  Job security is another thing for them to
>>>     worry about.
>>>     >
>>>     > So, Dustin, who's right about the AD lockout?
>>>     >
>>>     > On Thursday 27 September 2007 10:36 am, Dustin Puryear wrote:
>>>     >> My thoughts are that if LSU owns the equipment, then they get to
>>>     manage
>>>     >> it. And when it comes to AD, fact is, I *like* AD. It's powerful
>>>     and has
>>>     >> some very strong policy enforcement mechanisms.
>>>     >>
>>>     >> What I think gets lost in the shuffle sometimes is the fact that it
>>>     >> costs much more to manage a box than it does to buy a box. MUCH MORE.
>>>     >> And it's a recurring expense. So any mechanism that makes improves
>>>     >> management is usually fine by me. :)
>>>     >>
>>>     >> This goes for Windows, Linux, whatever.
>>>     >
>>>     > _______________________________________________
>>>     > General mailing list
>>>     > General at brlug.net <mailto:General at brlug.net>
>>>     > http://mail.brlug.net/mailman/listinfo/general_brlug.net
>>>
>>>     _______________________________________________
>>>     General mailing list
>>>     General at brlug.net <mailto:General at brlug.net>
>>>     http://mail.brlug.net/mailman/listinfo/general_brlug.net
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> General mailing list
>>> General at brlug.net
>>> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>> _______________________________________________
>> General mailing list
>> General at brlug.net
>> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>>
> 
> _______________________________________________
> General mailing list
> General at brlug.net
> http://mail.brlug.net/mailman/listinfo/general_brlug.net

More information about the General mailing list