[unisog] designing a password management system for privileged accounts

Chris Green cmgreen at uab.edu
Thu Oct 20 15:39:40 GMT 2005


On 10/19/05 6:58 PM, "Russell Fulton" <r.fulton at auckland.ac.nz> wrote:
 
> 1/ provide secure central storage and management of passwords
> 2/ provide controlled (authorized) and audited access to the password
> through a web front end.  Later we may write a 'fat' client that does
> nice things like put the retrieved password onto the clipboard.
> 3/ provide automated change of passwords according to a customizable
> schedule.
> 4/ allow privileged users to reset passwords etc.
> 5/ will provide time limited access to particular passwords for
> particular users.  (e.g. contractors coming in to work on a system)
> 6/ enforce password 'quality' standards by using randomly generated
> passwords.
> 7/ All passwords will be encrypted with one or more master keys for DR
> purposes.
> 8/ All passwords stored on the server will be encrypted with the public
> key of the users who are allowed access to them.

Glad to see someone intends to do this ;)

If passwords stored on the server are encrypted with the authorized users'
public keys, where do their private keys reside for the decryption process?
Is the private key a passphrase that the administrator remembers?

The system should store "old" passwords to prevent reuse.

For our groups that occasionally need the local Administrator password for a
series of desktops, I've thought about having something where the master
password was shared, but then computed with the system-name into a hash that
creates the individual administrator password.

One case to think about:

   2 directors that have password access to everything
   All the systems are entered into the system in the right "group"
   A new "director" is added; do all systems have to have passwords reset, or
   is there a mechanism to add a director or group member without needing the
   passwords reset?

Automated password change should also be available on demand (terminated
employee).

That's all I can think of right now but if you get further into specifying
what the system should do, I'd love to help review it.
-- 
Chris Green
UAB Data Security, 5-0842
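
An added example, not part of the original message, of the derived-password idea described above: a shared master password combined with the system name into a hash that yields each machine's local Administrator password. The function name `derive_admin_password`, the `epoch` rotation parameter, the character set and the use of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed character set; adjust to what the target systems accept.
ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@_"
PBKDF2_ROUNDS = 200_000  # assumed work factor, slows guessing of the master


def derive_admin_password(master: str, hostname: str, epoch: int = 0,
                          length: int = 20) -> str:
    """Per-host local Administrator password from a shared master password."""
    host = hostname.strip().rstrip(".").lower()  # "PC-014." == "pc-014"
    if not master or not host:
        raise ValueError("master password and hostname are required")
    # The salt binds the result to one host and one rotation epoch.
    salt = f"local-admin|{host}|{epoch}".encode()
    host_key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                   PBKDF2_ROUNDS)
    out, counter = [], 0
    limit = 256 - (256 % len(ALPHABET))  # rejection bound, avoids modulo bias
    while len(out) < length:
        block = hmac.new(host_key, counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        for b in block:
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        counter += 1
    return "".join(out)


if __name__ == "__main__":
    master = "constructed-example-master"  # constructed sample value
    for name in ("lab-pc-01", "lab-pc-02"):
        print(name, derive_admin_password(master, name))
    # Bumping the epoch changes every host's password (e.g. after a departure).
    print("lab-pc-01", derive_admin_password(master, "lab-pc-01", epoch=1))
```

Anyone who holds the master password can compute the password of every system in the group, so it needs the same protection as the central store itself. Raising `epoch` gives an on-demand change for all hosts without choosing a new master, but it does not help if the master itself has leaked.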


