Re: distributing passwords to users

[ksha <ksha () mitm cl>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/07/2011 05:06 AM, synja () synfulvisions com wrote:
> Standard procedure in most instances is to generate a random password,
email it to the user, and force the user to change the password upon login.
> Is there a reason you aren't doing this?
>
>
> Rob
> Sent on the Sprint® Now Network from my BlackBerry®
>
> -----Original Message-----
> From: G V <gvasiliu () gmail com>
> Sender: listbounce () securityfocus com
> Date: Mon, 5 Dec 2011 22:30:24
> To: <security-basics () securityfocus com>
> Subject: distributing passwords to users
>
> Hi,
>
> From your experience, what's the best secure and easy way to update a
> password list and distribute it to 1000 or so unix users? The users
> would have different privilege levels and different access on network.
> Throwing ideas, I can think of: pgp (difficult to maintain a separate
> file for each user), web app (would need to be sucured over ssl,
> possible password protected), usb disks (difficult to manage changes).
> Anyone using an enterprise level app (commercial or not) to "share"
> passwords to users, manage changes and so on? Any other ideas I can
> use?
>
> Thank you,
> George Vasiliu
you will can keep passwords with keepass for windows or keepassx for
unix/linux systems. also you will can use others password's managers for
unix/linux systems.

> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


- -- 

Ninja Coder

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJO36riAAoJEP64MfdRn+k8GnYIANY0b+0ITzsEZqltx5qHQCp1
GPR3gLjEv9hLk+tx1l/9WskdyXw+zcF9hRQknGiReVIXeYzbhtQqD7J03SNMvWL9
RRDNvQThWdjjhX2/EFh0eFbhFDZAeGiaSiVwv58bv/IANc/lRKkH8osnOAPNAyDg
c9sfp2L9B6pnalMRNbunmW1oWXLUwu7N6+nmf0cJH6y6jTF3tnvppjkpoFYhglQt
0b/DP1wHipMnNHxtKUtpQ3YUjUCLspdo1/hWufgwB+4SX82Vp1JHRP/Vn0iZEtwf
nuWpmfjYehmMKejHVYi79ToxuFFuxS6IPRuZcALrgYkJP3cy7zeVGB2yNxTo9/k=
=PasS
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------