Operating System - HP-UX

Password Best Practices revisited

Robert S. White
Advisor

This question comes up about once a year. I would like to know what you consider the "Best Practices" solution for the storage of department passwords.
My group cares for over 150 servers (HP-UX, Linux, Solaris, Windows, etc.), all with different passwords for root, sysadmin, applications, etc. The need for a safe way to store these passwords for continuity and sharing between our five sysadmins is extreme.
I would be interested in hearing recommended solutions, observations, etc.

To open the discussion I will tell you what I am doing now. Please feel free to comment on my solution.

I have an area set up on one of the Windows servers for the IT group. In one of the directories I have one of those off-the-shelf password storage programs. All root and admin passwords go in there. Thus any sysadmin needs only one password to look up a forgotten or recently changed one.

We are thinking about moving the program onto one of those USB memory sticks and lock that in a safe. This would provide two levels of safety.

Cheers,
RSW
Computers are just external storage for my brain.
harry d brown jr
Honored Contributor

Re: Password Best Practices revisited


I like the idea of the memory stick, but store it OFF SITE - like in a BANK safety deposit box.

live free or die
Pete Randall
Outstanding Contributor

Re: Password Best Practices revisited

Since everyone already has access to the various passwords, why not just make them all the same and eliminate the problem of having to look them up?


Pete
Patrick Wallek
Honored Contributor

Re: Password Best Practices revisited

For the Unix/Linux machines, why not eliminate the need to know the passwords entirely?

Install sudo and set up all admins in the sudoers file. Then if/when someone needs to become root, an application ID, whatever, you just do a 'sudo su - username', enter YOUR OWN password for verification, and there you are. This would allow you to set, and even forget, the passwords without having to worry.

I read an article recently about a place where NO ONE knows the root password. They have a cron job that runs every few minutes that changes the root password to some random string of characters. This organization relies solely on sudo to access root.

I can see their point. And I can see how it would work. I'm not sure I agree, but in this day and age of hackers, etc., I think it's an idea that has merit.
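The two ideas in this reply (group-based sudo access and a cron job that randomizes root) written out as a script, as an added example that is not from the thread. It assumes a Linux host with chpasswd(8), visudo(8), /etc/sudoers.d, su at /bin/su and an existing 'sysadmin' group; HP-UX and Solaris tooling differs.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux tooling: chpasswd(8),
# visudo(8), /etc/sudoers.d, /bin/su, and an existing 'sysadmin' group.
# The functions that touch the system need root; the helper does not.

# Random password of N characters (default 24), alphanumerics only so it is
# safe to pipe through chpasswd and to type at a console if ever needed.
gen_password() {
    len="${1:-24}"
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

# Let the sysadmin group run 'sudo su - <account>' for root or any application
# ID, authenticating with their OWN password, and log every sudo invocation.
install_sudoers_fragment() {
    tmp="$(mktemp)"
    printf '%s\n' \
        '# Managed fragment: sysadmin group may become root or any app account' \
        'Defaults logfile=/var/log/sudo.log' \
        '%sysadmin ALL=(root) /bin/su - *, /bin/su -' \
        >"$tmp"
    # Syntax-check before installing; a broken sudoers file locks everyone out.
    visudo -c -f "$tmp" || { rm -f "$tmp"; return 1; }
    install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/sysadmin
    rm -f "$tmp"
}

# Cron job body: set root to a random string that nobody records, so root is
# reached only through sudo (or the console in an emergency).
rotate_root_password() {
    printf 'root:%s\n' "$(gen_password 32)" | chpasswd || return 1
    logger -t rotate-root "root password rotated"   # log the event, never the value
}

# Example crontab line (every 5 minutes):
#   */5 * * * * /usr/local/sbin/rotate-root.sh rotate
case "${1:-}" in
    install) install_sudoers_fragment ;;
    rotate)  rotate_root_password ;;
esac
```

Run with `install` once as root to put the sudoers fragment in place, then schedule `rotate` from root's crontab; sudo's logfile then records who became which account and when.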