Hi John, how often do these people need to learn new passwords?
Most companies that i have been involved with have one super-person (usually something close to a board member - or in German often the Prokurist, no idea what that title is called in English) who keeps the list and gives passwords out on a need to know basis. There are, in my opinion, many advantages to having a human factor in the equation rather than relying on machines. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg ______________ Es gibt 10 arten von Menschen auf dem Planeten, welche die Bin�r verstehen, und welche die es nicht tun. -----Urspr�ngliche Nachricht----- Von: John Brightwell [mailto:[EMAIL PROTECTED] Gesendet: Thursday, July 10, 2003 2:50 PM An: [EMAIL PROTECTED] Betreff: Multi-User Access to Password Database Dear All Looking through the archive of secuity newsgroups and mailing lists it looks as though there have been a few threads related to personal storage of passwords. Typically this results in a file or index of passwords encrypted and protected by a single password. I need to store a number of passwords and these must be available to a group of support personnel and engineers. 1. I don't want to have a single shared password to access this data because it gets widely known and abused (it's also impossible then to identify who is accessing the information) 2. I want to be able to identify the person requesting the information so that an audit trail can be produced (useful to get an idea who knows each password) and so that only a subset of the passwords are available to that user (determined by their need to access the equipment) 3. The database used must securely encrypt the password information I don't particularly want to burden the support staff with yet another password, so ideally it would be good to use one of the current methods of authentication that we use. We use ssh so the authentication to the database can be based on the ssh private key. We use SecurID so the authentication can be based on the token (I prefer this one ... it also seems more likely than ssh-key based). Can anyone think of a likely application ... how do you store your system passwords? It doesn't have to be freeware/open source (I've got limited coding ability and even more limited time so I don't fancy starting from scratch) ... although I guess I'd need to be fairly certain that there are no backdoors coded into the application (a reputable source perhaps) __________________________________________________ Yahoo! Plus - For a better Internet experience http://uk.promotions.yahoo.com/yplus/yoffer.html --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
