[OpenAFS] Best practice for cleaning up PTS groups after users are deleted

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 26 Jul 2012 17:56:41 -0400



A security best practice is to never delete users and groups because
you don't know what ACLs they might be listed on.
The same is true for Kerberos principal names.  You can disable the
issuance of tickets but do not remove them from the database.


On Thursday, July 26, 2012 4:48:31 PM, Edgecombe, Jason wrote:
> Hi everyone,
>
>
>
> How do other sites deal with groups after users are deleted? How do
> you expire groups that own other groups? Are there pre-existing
> scripts for doing this?
>
>
>
> Thanks,
>
> Jason
>
>
>
> ---------------------------------------------------------------------------
>
> Jason Edgecombe *| *Linux and Solaris Administrator
>
> UNC Charlotte *| *The William States Lee College of Engineering
>
> 9201 University City Blvd. *| *Charlotte, NC 28223-0001
>
> Phone: 704-687-3514
>
> jwedgeco@uncc.edu | http://coe.uncc.edu | Facebook <https://www.facebook.com/UNCCEngr>


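The concern in the reply above is that a removed name may still be listed on ACLs nobody has inventoried. The following is an added sketch, not part of the original message or of OpenAFS: it parses `fs listacl` output, reports where a user (or an `owner:group` the user owns) is still listed, and flags entries shown as a bare numeric ID, which is how an ACL entry appears once its PTS entry has been deleted. The sample output, cell name, paths and user names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `fs listacl` output for two directories; the cell,
# paths and names are hypothetical.
SAMPLE = """\
Access list for /afs/example.edu/proj/alpha is
Normal rights:
  system:administrators rlidwka
  jdoe:alpha-team rlidwk
  jdoe rlidwka
Access list for /afs/example.edu/proj/beta is
Normal rights:
  system:administrators rlidwka
  1042 rlidwk
Negative rights:
  jdoe rl
"""

HEADER = re.compile(r"^Access list for (.+) is$")

def parse_listacl(text):
    """Return {path: [(kind, name, rights), ...]} from `fs listacl` output."""
    acls, path, kind = defaultdict(list), None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            path, kind = m.group(1), None
        elif line.strip() in ("Normal rights:", "Negative rights:"):
            kind = line.split()[0].lower()      # "normal" or "negative"
        elif path and kind:
            parts = line.split()
            if len(parts) == 2:                 # "<name> <rights>"
                acls[path].append((kind, parts[0], parts[1]))
    return dict(acls)

def references(acls, principal):
    """ACL entries naming the user, or a group the user owns (owner:group)."""
    return [(p, k, n, r) for p, es in acls.items() for k, n, r in es
            if n == principal or n.startswith(principal + ":")]

def orphans(acls):
    """Entries shown as a bare numeric ID: the PTS entry no longer exists."""
    return [(p, n, r) for p, es in acls.items() for _, n, r in es
            if re.fullmatch(r"-?\d+", n)]

if __name__ == "__main__":
    acls = parse_listacl(SAMPLE)
    for hit in references(acls, "jdoe") + orphans(acls):
        print(hit)
```

In practice the input would be the collected `fs listacl` output for the directories of interest rather than the embedded sample.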