[CentOS] How to disable screen locking system-wide?

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Jan 20 14:23:58 UTC 2011


Adam Tauno Williams wrote:
> On Thu, 2011-01-20 at 14:08 +0100, Giles Coochey wrote:
>> On 20/01/2011 13:12, Adam Tauno Williams wrote:
>> > On Thu, 2011-01-20 at 11:05 +0000, John Hodrien wrote:
>> >> An account is a personal account that should not be shared.
<snip>
> While such standards are much-maligned I actually find them useful as a
> tool for pushing for better security against crowds that don't like
> password change requirements, etc...  The standards speak a language
> "suits" understand and to some degree believe in [or at least fear,
> which works well enough].

Yeah, well, the problem is they're pushing more frequent password changes,
while, according the the other admin I work with, NIST only recommends
every two *years*. ESPECIALLY if you do *not* have single sign-on
everywhere, frequent password changes, and required a lot of difference
between the current password and the new one, *and* not coming anywhere
near the last year or two's worth of passwords is worse than useless, it's
counterproductive, since it makes social engineering much easier, since
*everyone* will be writing down their passwords.
>
>> I can't speak for HIPPA, SOX etc... but automatic locking is part of  IT
>> best practice.

HIPPA, and PII (Personal Information Identifier), and PHI (Personal Health
Information) is very, *very* much need-to-know *only*, and violation is
punishable by termination, and possibly criminal action.

      mark, who works for a US federal contractor with the US gov't, and
             had to get a "position of trust"* clearance for the job....

* Which I assume entitles me to see bottom secrets, or maybe bargain
basement secrets.... <g>




More information about the CentOS mailing list