Security Basics mailing list archives
Re: Password management System
From: "Samantha Fetter" <Samantha.Fetter () truevalue com>
Date: Fri, 26 Mar 2010 10:43:33 -0500
FYI - Novell Access Manager is different than "Novell Identity and Access Management solutions". Novell Access Manager (the links provided) is for fronting Web applications only (reverse proxy), and doesn't do any password management - it leverages eDirectory, Active Directory, etc as an authentication source. It can also do Federation to outside sides. It does also have an SSLVPN that allows granular access to internal resources. Novell SecureLogin is for SSO-enabling basically any sort of application, including web, thin and thick-clients - http://www.novell.com/products/securelogin/ Novell Identity Manager - Provisioning, Password Management, etc - http://www.novell.com/products/identitymanager/ Cheers, Samantha
John Morrison <john.morrison101 () googlemail com> 3/24/2010 11:34 AM
Depends on what scale you want to do this. For enterprise scale Novell Access Manager can be used and runs on Linux. http://www.novell.com/products/accessmanager/integrate.html http://www.novell.com/products/accessmanager/techspecs.html Enterprise Single Sign-On Novell Identity and Access Management solutions allow users to access a variety of network resources through a single sign-on process. Once users log in to any computer on the network, they are automatically authenticated to the single sign on-enabled applications, databases and operating system platforms they need—with just one login. These single sign-on capabilities are also flexible enough to require more than one type of authentication—such as fingerprints, tokens, smart cards, strong passwords or any combination of these—to ensure roles-based access to sensitive information. With enterprise single sign-on, organizations can eliminate most password-related calls to the helpdesk and allow IT administrators to focus on value-added projects. Password Management Everyone recognizes the need for strong passwords, but without enforcement, even the strongest password policy does nothing to strengthen security. And yet, enforcement is difficult because applications and systems interact with users in different ways, and some don’t even have the capability to specify password requirements. Our automated approach to identity and access management allows organizations to set and enforce strong password policies. Novell Password Management stands between a user and her authorized applications. When a new user is created, or when his credentials change, Password Management validates the password against your company policy, and then synchronizes the password to all other systems. And easy self-service features increase user and IT staff productivity because users can manage their own credentials rather than calling the helpdesk to reset passwords. On a more personal scale CyberCiti has some options. http://www.cyberciti.biz/tips/personal-password-manager-linux-windows-os-x.html On 22 March 2010 21:15, Gichuki John Chuksjonia <chuksjonia () gmail com> wrote:
Hi guys. Please help on this, been researching but is still wonna hear you
ideas.
Am looking for a secure Password Management System that can work on Unix or Even Linux systems. I wonder if there is any system as above that has several levels of Security. E.g a system password has a higher level, firewall passwords to be more higher, and maybe webapp passwords more lower level etc. Also has info on who to log into
each
level and if someone tried to bypass to jump to another profile. Any ideas? Regards, ./Chuks -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer () inbox com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs
an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Password management System Gichuki John Chuksjonia (Mar 24)
- Message not available
- Re: Password management System Gichuki John Chuksjonia (Mar 26)
- Message not available
- Re: Password management System mailing lists (Mar 26)
- Re: Password management System John Morrison (Mar 26)
- Re: Password management System Samantha Fetter (Mar 29)
- Re: Password management System Marc-André Laverdière (Mar 26)
- Password alternatives WALI (Mar 29)
- RE: Password alternatives David Gillett (Mar 30)
- Re: Password alternatives Adam Mooz (Mar 30)
- Message not available
- Fwd: Password alternatives Kurt Buff (Mar 30)
- Re: Password alternatives John Morrison (Mar 30)
- Re: Password alternatives Ansgar Wiechers (Mar 31)
- Re: Password alternatives Brent Gardner (Mar 31)
- Password alternatives WALI (Mar 29)
- Re: Password alternatives Yousef Syed (Mar 31)