[CentOS] How to disable screen locking system-wide?

Adam Tauno Williams awilliam at whitemice.org
Thu Jan 20 14:05:21 UTC 2011


On Thu, 2011-01-20 at 14:08 +0100, Giles Coochey wrote: 
> On 20/01/2011 13:12, Adam Tauno Williams wrote:
> > On Thu, 2011-01-20 at 11:05 +0000, John Hodrien wrote:
> >> An account is a personal account that should not be shared.
> > +1
> > Also, at least in the United States, locking a PC / workstation after 15
> > minutes of idle is a requirement of PCI/DSS - which your company almost
> > certainly agreed to if you process credit card or other payment
> > information.  HIPPA, FERPA, and friends have similar requirements /
> > strong-recommendations.
> > Ask a competent lawyer and he'll/she'll tell you to lock unattended
> > workstations.
> > This has nothing to do with auditing the access to or usage of data -
> > that is a separate issue
> Yes, what you mention then becomes a legal compliance issue.
> Note, however, that many small companies completely outsource credit 
> card payment by using third-party processing (e.g. Worldpay). This means 
> they have no card data environment and don't need to comply with PCI/DSS 
> in their offices.
> Even companies that do in-house card payment processing only have to 
> enforce PCI/DSS in their CDE.

Correct;  I'm just of the
stick-to-as-much-of-the-strictest-requirements-in-as-much-of-the-network-as-possible school.  It helps avoid debates and issues about where and where not a requirement applies [some of the clauses are pretty vague].  Call it CYA if you like.

While such standards are much-maligned I actually find them useful as a
tool for pushing for better security against crowds that don't like
password change requirements, etc...  The standards speak a language
"suits" understand and to some degree believe in [or at least fear,
which works well enough].

> I can't speak for HIPPA, SOX etc... but automatic locking is part of  IT 
> best practice.






More information about the CentOS mailing list