Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: distributing passwords to users

From: "Mlungwana, Buyani" <buyani.mlungwana () liberty co za>
Date: Thu, 8 Dec 2011 09:36:19 +0200
Check out CyberArk privilege identity management 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of synja () synfulvisions com
Sent: Wednesday, December 07, 2011 10:07 AM
To: G V; listbounce () securityfocus com; security-basics () securityfocus com
Subject: Re: distributing passwords to users

Standard procedure in most instances is to generate a random password, email it to the user, and force the user to 
change the password upon login.

Is there a reason you aren't doing this?


Rob
Sent on the Sprint(r) Now Network from my BlackBerry(r)

-----Original Message-----
From: G V <gvasiliu () gmail com>
Sender: listbounce () securityfocus com
Date: Mon, 5 Dec 2011 22:30:24
To: <security-basics () securityfocus com>
Subject: distributing passwords to users

Hi,

From your experience, what's the best secure and easy way to update a password list and distribute it to 1000 or so 
unix users? The users would have different privilege levels and different access on network.
Throwing ideas, I can think of: pgp (difficult to maintain a separate file for each user), web app (would need to be 
sucured over ssl, possible password protected), usb disks (difficult to manage changes).
Anyone using an enterprise level app (commercial or not) to "share"
passwords to users, manage changes and so on? Any other ideas I can use?

Thank you,
George Vasiliu

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


**********************************************************************
The e-mail and attachments are confidential and intended only for selected recipients. If you have received it in 
error, you may not in any way disclose or rely on the contents. You may not keep, copy or distribute the e-mail. Should 
you receive it, immediately notify the sender of the error and delete the e-mail.Also note that this form of 
communication is not secure, it can be intercepted, and may not necessarily be free of errors and viruses in spite of 
reasonable efforts to secure this medium.
**********************************************************************



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: