Security Basics mailing list archives

Re: Password management System

From: John Morrison <john.morrison101 () googlemail com>
Date: Wed, 24 Mar 2010 16:34:28 +0000

Depends on what scale you want to do this.

For enterprise scale Novell Access Manager can be used and runs on Linux.
        http://www.novell.com/products/accessmanager/integrate.html
        http://www.novell.com/products/accessmanager/techspecs.html

Enterprise Single Sign-On
Novell Identity and Access Management solutions allow users to access
a variety of network resources through a single sign-on process. Once
users log in to any computer on the network, they are automatically
authenticated to the single sign on-enabled applications, databases
and operating system platforms they need—with just one login. These
single sign-on capabilities are also flexible enough to require more
than one type of authentication—such as fingerprints, tokens, smart
cards, strong passwords or any combination of these—to ensure
roles-based access to sensitive information. With enterprise single
sign-on, organizations can eliminate most password-related calls to
the helpdesk and allow IT administrators to focus on value-added
projects.

Password Management
Everyone recognizes the need for strong passwords, but without
enforcement, even the strongest password policy does nothing to
strengthen security. And yet, enforcement is difficult because
applications and systems interact with users in different ways, and
some don’t even have the capability to specify password requirements.
Our automated approach to identity and access management allows
organizations to set and enforce strong password policies. Novell
Password Management stands between a user and her authorized
applications. When a new user is created, or when his credentials
change, Password Management validates the password against your
company policy, and then synchronizes the password to all other
systems. And easy self-service features increase user and IT staff
productivity because users can manage their own credentials rather
than calling the helpdesk to reset passwords.

On a more personal scale CyberCiti has some options.
        http://www.cyberciti.biz/tips/personal-password-manager-linux-windows-os-x.html




On 22 March 2010 21:15, Gichuki John Chuksjonia <chuksjonia () gmail com> wrote:

Hi guys.

Please help on this, been researching but is still wonna hear you ideas.

Am looking for a secure Password Management System that can work on
Unix or Even Linux systems. I wonder if there is any system as above
that has several levels of Security. E.g a system password has a
higher level, firewall passwords to be more higher, and maybe webapp
passwords more lower level etc. Also has info on who to log into each
level and if someone tried to bypass to jump to another profile.

Any ideas?

Regards,

./Chuks

--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer () inbox com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works,
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Password management System Gichuki John Chuksjonia (Mar 24)
- Message not available
  - Re: Password management System Gichuki John Chuksjonia (Mar 26)
- Re: Password management System mailing lists (Mar 26)
- Re: Password management System John Morrison (Mar 26)
  - Re: Password management System Samantha Fetter (Mar 29)
- Re: Password management System Marc-André Laverdière (Mar 26)
  - Password alternatives WALI (Mar 29)
    - RE: Password alternatives David Gillett (Mar 30)
    - Re: Password alternatives Adam Mooz (Mar 30)
    - Message not available
    - Fwd: Password alternatives Kurt Buff (Mar 30)
    - Re: Password alternatives John Morrison (Mar 30)
    - Re: Password alternatives Ansgar Wiechers (Mar 31)
    - Re: Password alternatives Brent Gardner (Mar 31)
    - Re: Password alternatives Yousef Syed (Mar 31)

(Thread continues...)