[unisog] Admin Password Management

Russell Fulton r.fulton at auckland.ac.nz
Wed Feb 23 01:05:22 GMT 2005


On Tue, 2005-02-22 at 15:29 -0600, Chris Green wrote:
> How do people ensure that admin passwords stay up to date, especially as
> part of restoration procedures?  The popular method here has been to have a
> text file per group delivered to a safe with Director level access.  The big
> problem with this is auditing the passwords and ensuring that everyone
> coughs up the goods each round of change.

We cooked up a scheme for use here; unfortunately we still have not got
it implemented yet...

We have operations staff on 7x24 and the idea was that the operators
would maintain the root/administrator passwords of all machines in the
data centre using passwordsafe. 
http://passwordsafe.sourceforge.net/

The operators would be responsible for changing all passwords on a
regular basis.  This would normally be done a few per day in the night
shift when they are otherwise underemployed.

These root/administrator passwords are for emergency use only.  Normal
access will be via admin's normal login.

We are about to set up a new AD domain just for the data centre and all
other access to systems (both UNIX and Windows) would be authenticated
by this new domain.  We intend to enforce strict quality and change
rules on this AD.

Has anyone produced an equivalent of sudo for Windows?

Cheers, Russell
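
One way to plan and audit the nightly rotation described above, as an added example that is not part of the original post: it rotates the oldest passwords first and reports which hosts will already be past the maximum age on their scheduled night. The host names, dates, the 90-day maximum age and the three-per-night batch size are constructed assumptions; the post gives no figures.

```python
from datetime import date, timedelta

# Assumed policy values; the post only says "a regular basis" and "a few per day".
MAX_AGE_DAYS = 90
PER_NIGHT = 3

# Constructed inventory: host -> date its emergency root/administrator
# password was last changed.
INVENTORY = {
    "dc-unix-01": date(2004, 11, 1),
    "dc-unix-02": date(2005, 2, 10),
    "dc-win-01": date(2004, 12, 20),
    "dc-win-02": date(2005, 1, 15),
    "dc-win-03": date(2004, 10, 5),
}


def nights_needed(host_count, per_night=PER_NIGHT):
    """Nights for one full pass over all hosts (ceiling division)."""
    return -(-host_count // per_night)


def plan_rotation(inventory, today, per_night=PER_NIGHT, max_age=MAX_AGE_DAYS):
    """Return (schedule, overdue).

    schedule maps each night's date to the hosts to rotate, oldest first.
    overdue lists hosts whose password is older than max_age days on the
    night it is scheduled to be changed.
    """
    ordered = sorted(inventory, key=lambda h: (inventory[h], h))
    schedule, overdue = {}, []
    for i, host in enumerate(ordered):
        night = today + timedelta(days=i // per_night)
        schedule.setdefault(night, []).append(host)
        if (night - inventory[host]).days > max_age:
            overdue.append(host)
    return schedule, overdue


if __name__ == "__main__":
    schedule, overdue = plan_rotation(INVENTORY, date(2005, 2, 23))
    for night, hosts in sorted(schedule.items()):
        print(night, ", ".join(hosts))
    print("overdue:", ", ".join(overdue) or "none")
    print("full pass takes", nights_needed(len(INVENTORY)), "night(s)")
```

If `nights_needed` for the whole data centre exceeds the maximum age, the batch size is too small for the policy and some hosts will always appear in the overdue list.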