On 01/08/06 15:11 +0000, Doug W wrote:
> Hi Everyone
>
> What do people generally do in the case of password storage? For example,
> I strongly believe that storing passwords in documents is a terrible idea
> as I am sure you would agree.
>
Personally, I am a fan of one password for all things. And then make
sure that this is a strong password.
Making me change my 15 character mixed case, numeric and special
character using password is likely to have bad effects on security.
> However, how do you account for having multiple support staff, possibly
> working off site, most with extremely bad memories (unfortunately), and in
> need of high level rights to fix systems etc.
>
For everything else, sudo(8) is your friend. Logging in using ssh, with
key only authentication works fine.
> I also try to enforce that all actions are taken with the user's own
> privileged account for auditing purposes but when building machines,
Use software like cfengine, isconf4, puppet, bcfg2 ... for such
purposes.
> installing software or troubleshooting problems, service accounts and
> administration accounts may be required.
>
About the only time the administrative password should be needed is for
major troubleshooting.
Of course, all the above applies to Unixy systems.
Devdas Bhagat
Received on Aug 02 2006
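
The reply above recommends ssh logins with key-only authentication. The following check is an added example, not part of the original message: it reads the global section of an sshd_config and reports whether passwords or keyboard-interactive logins are still accepted. The function names and both sample configs are constructed for illustration.

```shell
# Added example: does an sshd_config enforce key-only logins?
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
# Not evaluated here: Match blocks, Include files, AuthenticationMethods.

# effective_value FILE KEYWORDS DEFAULT   (KEYWORDS: "|"-separated lowercase aliases)
effective_value() {
    awk -F '[ \t=]+' -v keys="|$2|" -v def="$3" '
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split fields
        /^#/ || NF == 0 { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        index(keys, "|" tolower($1) "|") { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# key_only_login FILE: prints findings, returns 0 only if keys are the sole way in.
key_only_login() {
    rc=0
    kbd='kbdinteractiveauthentication|challengeresponseauthentication'
    if [ "$(effective_value "$1" pubkeyauthentication yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication is off"; rc=1
    fi
    if [ "$(effective_value "$1" passwordauthentication yes)" != no ]; then
        echo "FAIL: PasswordAuthentication is on (sshd default is yes)"; rc=1
    fi
    if [ "$(effective_value "$1" "$kbd" yes)" != no ]; then
        echo "FAIL: keyboard-interactive authentication is on (default is yes)"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not from the original message).
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT
cat > "$WEAK_CFG" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
# a later line does not override the first one
PasswordAuthentication no
EOF
cat > "$HARD_CFG" <<'EOF'
PubkeyAuthentication yes
passwordauthentication=no
ChallengeResponseAuthentication no
EOF
for f in "$WEAK_CFG" "$HARD_CFG"; do
    key_only_login "$f" && echo "OK: key-only login enforced"
done
```

On a live host, `sshd -T` prints the configuration sshd actually resolved, including Include files, and is the authoritative source.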