On Fri, May 16, 2003 at 10:19:39AM -0400, Phillip Hofmeister wrote:
> Have multiple copies on multiple shares on multiple systems. If you
> really are concerned about them all puking, print the ASCII armored
> version of the encrypted output. Putting a password in a sealed envelope
> (though a heavily used practice) is not the best solution.

Generally the password in sealed envelope goes into a safe that only upper management (in a big enough company) or someone else in a position of authority has access to. This also gives the company the ability to fire the sysadmins and hand the passwords to someone else (assuming of course that the sysadmins are trusted enough to not change the password secretly, hmmm) without having to extract information from them.

In general, having secrets that can be 'held out' from the people who own/run the company is not professional, and once the security of said passwords is the responsibility of people who are paid to be responsible for things like that...

The solution I would advocate is two 'root' passwords, i.e. account zero has two different ways in, and the management gets one of those. The difficulty is that most of those console boot issues lead to the system just asking for the 'root' password, *sigh*. Anyway, if the system is that hosed, it's time to pull out a boot disk.

Bron.