[ale] Password creation and documentation

James P. Kinney III jkinney at localnetsolutions.com
Sun Sep 11 16:40:00 EDT 2005


Good question, Kevin.

If you must have multiple person access to a password list you will need
a way for the list to stay updated.

Here's my suggestion:

a random password generator: use to make the passwords.

remote password change script: use ssh with keys for this to change the
passwords from the password server when needed. Should check that the
new password has not been used before. Also moves old password to
password storage for avoiding reuse.

cron job: checks "database" for expiration of passwords and runs the
remote password change script.

database: Storage of old and new passwords. Needs to be VERY secure.
Consider the encryption of the current password column in the database.

password locked access to the database: internal only web access with
authentication of user and machine.

You can also get fancy and key the database for allowing access to
classes of shift operators to only certain machines.

On Sun, 2005-09-11 at 13:04 -0700, Kevin O'Neill Stoll wrote:
> How might someone go about creating, documenting, and
> revisioning passwords for various servers, consoles,
> etc...?
> 
> I have approximately, 30-40 various devices/systems that I
> need to create passwords for and document, then of course
> change a subset of these every X interval, and would like
> to make sure I don't reuse the same password for at least 5
> of those revisions. Ultimately, this will be used for an
> operations desk, in which a shift operator will need access
> to a password "database".
> 
> I had thought about just using a random password generator
> and documenting everything in delimited file stored in an
> encrypted filesystem, but my concern there is manual
> policing of password reuse.
> 
> Suggestions on enterprise products, open source, or good ole'
> home grown are more than welcome. I'm not afraid to pay for
> something to do this.
> 
> Thanks for the help.
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
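
Added example (not part of the original thread): a sketch of the generator, reuse check and old-password storage pieces suggested in the reply, using the five-revision limit from the question. The `PasswordStore` class, its in-memory layout, the alphabet and the choice to keep history as salted hashes are assumptions made for illustration; the ssh push and the cron trigger are left out.

```python
import hashlib
import hmac
import secrets
import string

HISTORY_DEPTH = 5  # from the question: no reuse for at least 5 revisions
ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_=+"  # assumed policy


def generate_password(length=20):
    """Random password from the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _digest(password, salt):
    # Old passwords only need an equality test, so keep a slow salted hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordStore:
    """In-memory stand-in for the "database" (hypothetical schema)."""

    def __init__(self):
        self.current = {}  # device -> live password; encrypt this column at rest
        self.history = {}  # device -> [(salt, digest)], newest last, current included

    def was_used(self, device, candidate):
        return any(hmac.compare_digest(_digest(candidate, salt), digest)
                   for salt, digest in self.history.get(device, []))

    def rotate(self, device, candidate=None):
        """Set a new password; reject one seen in the last HISTORY_DEPTH revisions."""
        if candidate is None:
            candidate = generate_password()
            while self.was_used(device, candidate):  # astronomically unlikely
                candidate = generate_password()
        elif self.was_used(device, candidate):
            raise ValueError("password reused within the last %d revisions" % HISTORY_DEPTH)
        salt = secrets.token_bytes(16)
        entries = self.history.setdefault(device, [])
        entries.append((salt, _digest(candidate, salt)))
        del entries[:-HISTORY_DEPTH]  # keep only the newest HISTORY_DEPTH entries
        self.current[device] = candidate
        # A real job would now push `candidate` to the device over ssh with keys.
        return candidate
```

Because the history holds only salted hashes, a leak of that table does not hand over retired passwords that may still be valid on a device whose rotation failed.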