Greetings
We’ve always stored ids as a separate file. Most are never used as users are typically iNotes users only (we lock out the id use from the person doc).
My manager asked why we don’t store the ids in the NAB for ease of admin (in that the id files get deleted when the user goes).
I seem to remember seeing that it posed a security threat. Can someone elaborate?
Also, I have approx 7500+ users, my NAMES.NSF is about 100Mb now. Are there other performance issues that I should consider before agreeing to store the id files in the NAB?
Also, many of our existing ids are expired…but every once in a while someone has a new reason to use a client. With the id file, I am able to recertify it. When it’s attached and expired, will I still be able to get it to recertify it?
Thanks for your time.
Norma
Subject: user ID stored in Names person doc
You don’t need access to the ID file in order to initiate a recertification. Open the NAB, select the users that you want to recertify in the people view, then pick “Recertify Selected People” off the Actions menu. Then the next time that the users authenticate to their home servers, their ID files will be updated with the new certificates.
dave
Subject: user ID stored in Names person doc
It is just a bad practice, plain and simple. You leave yourself open to way too many vulnerabilities both internal and external if you leave the IDs in the person doc (especially if they had been created with the same default password).
One thing I have done in the past is create a database that has a simple document for each user and stores the ID in that document. That database is then locked down to all but System Admins.
Or just store them on media that can be locked up (assuming each ID has a unique file name).