[Cialug] ask CIALUG: test accounts in the modern environment?
Andy Denner
linux-list at upeke.com
Tue May 17 13:03:15 UTC 2022
I'd argue rather than calling them test accounts, call them dev or qa
service accounts.
jim kraai wrote on 5/13/2022 8:24 AM:
> I'm working for a large government org (four large state universities and
> colleges are well into the process of consolidating their IT systems) with
> enterprise-scale systems, user counts, billing, etc., with the full range
> of historical mainframe, oracle-as-neo-mainframe, a couple of thousand web
> sites, cloud services on the rise, and appear to be 80+% done with a
> migration from OpenLDAP to AD.
>
> I'm getting resistance to the idea of creating test accounts for migrating
> systems that either weren't on OpenLDAP or had hacked/hybridized auth/auth
> code to AD.
>
> I would really appreciate it if anyone would give points on both sides of
> the general argument.
>
> The argument I'm formulating at this moment is that it's more secure and
> less customer-impactful to have known, controllable test accounts to
> perform a full range of tests on than to hunt-and-hope through the existing
> user base for accounts to hijack or to manipulate each other's (devs')
> accounts for testing.
>
> In my ideal world, I'm thinking of a pool of fleshed out accounts as IT
> resources that can each be managed and allocated for internal use with
> something like memberships in a custom security group or having a set of
> custom security attributes to identify the account, support logging, and
> prevent external activities--like billable stuff.
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
More information about the Cialug
mailing list