Re: Password Security and Distribution

[Andy Davidson <andy () nosignal org>]

Hi,

Embarassingly late reply; I've been away.

On Tue, Jan 24, 2006 at 10:48:45AM -0500, Jeremy Stinson wrote:
> We are in the need for a better mechanism for sharing passwords between our 
> engineers. Most of these passwords are for our client's systems where some 
> of them are controlling the password schemes (aka requiring shared user 
> accounts). 
[...] 
> In other companies we have used a PGP keyring to secure a text file that 
> contained all of these passwords and then put them onto a shared customer 
> portal. The problem with this strategy is what happens if you are not 
> on your computer where PGP is installed?

Encrypted text files are a nice way to go until you grow to the size
when people need very different levels of access, and centrally storing
a number of these files isn't good enough.

http://devel.pluto.linux.it/projects/Gringotts/ is what we use.  If an
engineer is not at a desk where they have gringotts installed, use the
-d flag to use a console/interactive version of the software instead of
the usual GTK gubbins.

-a