ABSTRACT
Traditional implementations of this model, although
useful, have several significant problems. When a new
user is added, a new username must be generated and a
new password stored on each of the relevant machines.
This can be a significant effort. Additionally, when a user
leaves the company, that user’s access must be terminated.
If there are several machines and databases, ensuring that
users are completely removed is not easy. The authors’
experience with PricewaterhouseCoopers LLP (Pricewater-
houseCoopers) assessing security of large corporations
suggests that users are often not removed when they
leave, creating significant security vulnerabilities.