Erik Ableson on Nostr: TOTD: Should we be using a separate identity system for the accounts that are used to ...
TOTD: Should we be using a separate identity system for the accounts that are used to manage infrastructure components?
Not just a separate account as in the classic “username-adm” approach, but a completely separate directory stack that requires MFA on *all of the things*.
Not really an option in the cloud systems, but anything on-prem could follow this model, and it allows us to be really draconian about controlling modifications in a way that is too inconvenient on the general directory system.