Re: Password Storage

[Devdas Bhagat <devdas () dvb homelinux org>]

On 01/08/06 15:11 +0000, Doug W wrote:
> Hi Everyone
>
> What do people generally do in the case of password storage?  For example, 
> I strongly believe that storing passwords in documents is a terrible idea 
> as I am sure you would agree.
Personally, I am the fan of one password for all things. And then make
sure that this is a strong password.
Making me change my 15 character mixed case, numeric and special
character using password is likely to have bad effects on security.

> However, how do you account for having multiple support staff, possibly 
> working off site, most with extremely bad memories (unfortunately), and in 
> need of high level rights to fix systems etc.
For everything else, sudo(8) is your friend. Logging in using ssh, with
key only authentication works fine.

> I also try to enforce that all actions are taken wtih the users own 
> privileged account for auditing purposes but when building machines, 

Use software like cfengine, isconf4, puppet, bcfg2 ... for such
purposes.

> installing software or troubleshooting problems, service accounts and 
> administrations accounts may be required.
About the only time the administrative password should be needed is for
major troubleshooting.

Of course, all the above applies to Unixy systems.

Devdas Bhagat

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------