We have a large number of systems each requiring a
different password and I don't expect the sys admins
to be able to remember them all (that's probably 100+
passwords when you take into account network equipment
as well as unix and windows boxes - and that doesn't
include all the desktop machines). 

Faced with having to remember that many passwords, and
bearing in mind that some systems might not be used on
a daily basis, I think it's expecting a bit much for
the Admins to keep them all in their heads! There's a
danger that they will write down the less used
passwords or maybe they'll reuse passwords across
multiple systems or they'll use easy to guess
passwords (you can be certain there will be a
disincentive to expire the passwords after x months).

I can't see this Board Member being very impressed
with the constant interruption. This would possibly be
more appropriate for a DR solution for password
access. Although I'd perhaps avoid using a very senior
manager or Board member. IMO you need someone senior
enough to be trusted, yet accountable enough not to
ignore the procedures around access to the passwords -
perhaps HR or Legal...but that's another debate.

For what I require - ongoing access to passwords - it
really needs to be a system solution.

I suspect that you are talking from the perspective of
a small company - in which case you may have
relatively few systems.

I'm sure there must be products that do this - I was
just hoping that someone listening in on this thread
might have done it before.

Thanks Anyway

 --- Meidinger Chris <[EMAIL PROTECTED]> wrote:
> Hi John,
> 
> how often do these people need to learn new
> passwords?
> 
> Most companies that I have been involved with have
> one super-person (usually
> something close to a board member - or in German
> often the Prokurist, no
> idea what that title is called in English) who keeps
> the list and gives
> passwords out on a need to know basis.
> 
> There are, in my opinion, many advantages to having
> a human factor in the
> equation rather than relying on machines.
> 
> badenIT GmbH
> System Support
>  
> Chris Meidinger
> Tullastrasse 70
> 79108 Freiburg
> 
> ______________
> 
> There are 10 kinds of people on the planet:
> those who understand binary, and those who
> don't.
> 
> 
> 
> -----Original Message-----
> From: John Brightwell
> [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 2:50 PM
> To: [EMAIL PROTECTED]
> Subject: Multi-User Access to Password Database
> 
> 
> Dear All
> 
> Looking through the archive of security newsgroups
> and mailing lists it looks as though there have been
> a few threads related to personal storage of passwords.
> 
> Typically this results in a file or index of
> passwords
> encrypted and protected by a single password.
> 
> I need to store a number of passwords and these must
> be available to a group of support personnel and
> engineers.
> 
> 1. I don't want to have a single shared password to
> access this data because it gets widely known and
> abused (it's also impossible then to identify who is
> accessing the information)
> 
> 2. I want to be able to identify the person
> requesting
> the information so that an audit trail can be
> produced
> (useful to get an idea who knows each password) and
> so
> that only a subset of the passwords are available to
> that user (determined by their need to access the
> equipment)
> 
> 3. The database used must securely encrypt the
> password information
> 
> I don't particularly want to burden the support
> staff
> with yet another password, so ideally it would be
> good
> to use one of the current methods of authentication
> that we use.
> We use ssh so the authentication to the database can
> be based on the ssh private key.
> We use SecurID so the authentication can be based on
> the token (I prefer this one ... it also seems more
> likely than ssh-key based).
> 
> Can anyone think of a likely application ... how do
> you store your system passwords?
> 
> It doesn't have to be freeware/open source (I've got
> limited coding ability and even more limited time so
> I
> don't fancy starting from scratch) ... although I
> guess I'd need to be fairly certain that there are
> no
> backdoors coded into the application (a reputable
> source perhaps)
> 
> 