Wasn't this supposed to speed things up?

IT pilot fish is moving on with his career, but before he changes employers, he comes up with an easier way for users to get on the company intranet.

“I wanted to relieve the staff of the need to memorize yet another username/password combination — or write it on a sticky note to be posted on the wall,” says fish.

“So I set up an interface that used Windows Active Directory for access authorization, with appropriate fallback in case the domain controller couldn’t be accessed. The whole thing worked like a dream.”

Fast forward a couple years: Fish is brought back in to add more capabilities to the intranet that’s been faithfully chugging along since he left. But as fish starts on the new project, the IT director casually mentions that intranet logins have been running a lot slower. Could fish perhaps check into that too?

Fish considers the growth of the user base, the design of the Active Directory interface and several other factors, but they don’t account for a big slowdown. He finally resorts to adding code to trace the execution path of the authorization process.

That’s when he discovers that the authorization process is no longer working at all.

“Instead it always used the fallback: matching against the last successfully cached password,” fish says.

Then he remembers something else — an offhand comment by the sysadmin, who was brought in after fish left.

The sysadmin told fish that he was never, ever able to access the intranet using his Active Directory credentials.

Fish circles back to ask about that remark — and the sysadmin mentions that, after fish left, they’d set up a new domain controller.

“No wonder it was so slow!” says fish. “Ever since that day, all intranet authorization requests were being issued to an outdated LDAP address and, after waiting for the normal lengthy timeout period to expire, would then authorize the users via the fallback. No one thought to modify the intranet’s LDAP reference.

“I updated it, and after the login process was again almost immediate, the IT director told me, ‘I always wondered why I always had to use my password from two years ago.’”

Sharky’s password is TruTalez0fITLif3. Send me your story at sharky@computerworld.com. You’ll snag a snazzy Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.
