Advice, opinions, and ideas sought.

Wed Jun 26 22:02:35 AEST 1991

In article <1991Jun26.055943.26481 at usenet.ins.cwru.edu> mike at snowhite.EEAP.CWRU.Edu (Mike Sidman) writes:
>
>The first deals with the distribution of accounts.  I am wondering
>if any of you have a policy for giving out accounts on a departmental
>UNIX machine.  For example, if a student says he/she wants an account,
>what is an exceptable explanation for their request?  Also, what type

 Originally this was handled on an ad hoc basis.  It worked well.  Then
we were connected to Internet, and the ad hoc approach broke down.  As
a result an acceptable explanation consists of a request from the
department chairman.  A requester, whether student or faculty from another
department, is advised to request access in writing to the dept chair.

>The second deals with security.  How would you monitor or approach
>person "A" if a different person (person "B" - friend, curious quasi-
>hacker, etc.) is utilizing person "A"'s account?

  If person "A" complains, the password is changed.  If person "A" does
not complain, it is assumed that person "B" has been authorized by
person "A", and it is moreover assumed that person "A" accepts full
responsibility for any abuses that may be carried out by person "B"
while using this account.  Unless you want to pull the plug on all
modems, and have a heavy guarding the door and checking photo IDs,
any more restrictive policy quickly becomes unworkable.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert at cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940