Educause Security Discussion mailing list archives
[no subject]
From: "Bowden, Zeb" <zbowden () VT EDU>
Date: Wed, 1 Jul 2009 12:59:49 -0400
Why not just use contact objects in AD as opposed to full user accounts? Contacts don't have the ability to login (i.e. a security context) but they will be able to hold all the demographic information you will likely need about them including an email address. Zeb Bowden IT Production Lead Virginia Bioinformatics Institute -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, Mike Sent: Wednesday, July 01, 2009 1:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Hello, A situation has developed where a project lead/developer and a few departments are saying we need to give active directory accounts and email accounts to applicants. I was wondering if other schools give active directory and or email accounts to applicants? The situation scares me to be honest. None of the details have been worked out that I know of, but the idea of giving email accounts to anyone who fills out a form online seems like a bad idea. It may be possible to lock down AD enough, but it still sounds like we are saying "Sign this internet form and get a login to our network. Have fun elevating privileges and sending spam!" I may be being paranoid about this but I wanted to get some of the community's thoughts on this. If I'm just being paranoid, feel free to say so. :-) Oh, and we also use google apps for our student email. It appears that the google apps for edu agreement does allow for giving account to non-students if desired. Mike Tupker Systems Administrator Mount Mercy College
Current thread:
- [no subject] Bowden, Zeb (Jul 01)