On Fri, June 17, 2016 13:08, Valeri Galtsev wrote:
We do not expire accounts until the person leaves the Department and grace period passes. Then we do lock account and after some time person's files are being deleted. This is the policy, and this is what we do. The only time when account expiration is being set is for undergraduate students who temporarily work with some professor. For them expiration is being changed when the continue to work with the professor next academic year.
Is this not what everybody does?
Every end-user account, including my own, is given an expiry date six to twelve months in the future and that is extended at intervals as needed. The only exception to this are the root users which have no expiry date set.
A forgotten and disused user account that retains access to your system is a significant risk in my opinion.