Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Password Vaulting
From: Dave Koontz <dkoontz () MBC EDU>
Date: Tue, 7 Oct 2008 13:05:50 -0400

I have been looking similar software for a while now.  For those running
products like this, how do you ensure your passwords are always
available?  For instance, if the server running this application
crashes, what options do you have to get passwords to your other
systems?  Particularly if you have the software automatically changing
passwords on all the systems it maintains.

Roberts, Chris wrote ... (10/7/2008 12:41 PM):

Dear Joseph,

We use ManageEngine's Password Manager Pro to centrally store and
audit administrative passwords.  We've been very impressed with the
functionality for the price.

For example, we're using its APIs with our unattended server builds,
to ensure that the admin password is set at install time, and never
divulged to the administrator.  This ensures all use of the local
admin accounts is audited.

 I'd be happy to give more details if it would help.



*From:* The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Joseph Corey
*Sent:* 06 October 2008 22:13
*Subject:* Re: [SECURITY] Password Vaulting

Hi Jerry,

We've been using Enterprise Random Password Manager by Lieberman
Software for about eight months now and it has served our needs
wonderfully. They've made great strides with their most recent
release. It supports the storage and automatic randomization of
Windows, Mac, *nix, Cisco equipment, and many more passwords. They now
support the storage of the private key on an HSM module and support
integration with RSA OTPs.

There are a few downsides like needing local admin rights on the
server to  administer the Win32 app, but all of the password requests,
approvals, and retrieval happen through the website. You only need the
Win32 app when adding new accounts/passwords.

If you have specific questions about the product or would like a
contact there, feel free to contact me off-list.

*Joseph T. Corey  */MCSE, Security/+
*Systems Administrator*
*jcorey () cmu edu <mailto:jcorey () cmu edu> *

*From:* The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Jerry Sell
*Sent:* Monday, October 06, 2008 4:53 PM
*Subject:* [SECURITY] Password Vaulting

We are trying to get electronic vaulting of root and root equivalent
passwords in place. We are receiving kickback from upper management,
because they are not comfortable with the technology.

If you are currently using electronic password vaulting we would
appreciate a response. We would like to know what product you are
using, is it successful, any horror stories, would you recommend it to

Thank you,

Jerry Sell, CISSP

Security Analyst

Brigham Young University


Jerry_Sell () byu edu <mailto:Jerry_Sell () byu edu>


*Dave Koontz* (MCSE/GCIH)
Associate Director
Computer & Information Services
*Mary Baldwin College*
Email:  dkoontz () mbc edu
Phone: (540) 887-7399


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]