[unisog] designing a password management system for privileged accounts

Russell Fulton r.fulton at auckland.ac.nz
Thu Oct 20 20:48:24 GMT 2005



Chris Green wrote:
>
> Glad to see someone intends to do this ;)
> 
> If passwords stored on the server are encrypted with the authorized user's
> public keys, where do their private keys reside for the decryption process?

I'm pleased you asked this, Chris!  This is one of the facets of the
design that we are still pondering.

At the moment we are inclined to store the private keys on the server;
we are leaning this way because:

a/ we want something we can roll out quickly without a major training
effort. It would be quite a bit of work to educate all our admins and
operators about PGP/GPG.
b/ so long as the passphrases are well chosen then having the keys on
the server should not be any less secure than having them on the user's
workstation.
c/ having them on the server means that we can check the strength of the
passphrase.
d/ you can remove a user's access simply by removing/destroying their
private key on the server.

Anyone want to pick holes in these arguments, please do :)

> Is the private key a passphrase that the administrator remembers?

yes.
> 
> The system should store "old" passwords to prevent reuse.

Hmmmm... the actual password for the systems or pass phrases for the
keys?  Since these passwords are really for emergency use only, not for
day to day use, we intend to have them randomly generated.

We are still pondering what to do about general admin access for both
unix and windows systems.  We have a separate project going on that is
looking at two factor auth and other stuff.

> 
> Automated password change should also be available on demand (terminated
> employee).

absolutely!

Russell.
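
The design discussed in this message (private keys held on the server under each admin's passphrase, a randomly generated password encrypted to every authorized user's public key, access removed by destroying the key), sketched with the openssl command line in place of PGP/GPG. This is an added example, not part of the original post; the user names, system names, passphrases and file layout are all constructed.

```sh
#!/bin/sh
# Added sketch: user names, system names, passphrases and file layout are constructed.
set -eu
umask 077
VAULT=$(mktemp -d)                 # stands in for the server-side key/password store
trap 'rm -rf "$VAULT"' EXIT

enroll() {  # enroll USER PASSPHRASE: server-held private key, encrypted under the passphrase
    PP="$2" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:PP -out "$VAULT/$1.key" 2>/dev/null
    PP="$2" openssl pkey -in "$VAULT/$1.key" -passin env:PP -pubout -out "$VAULT/$1.pub"
}

store() {   # store SYSTEM: new random password, one encrypted copy per enrolled user
    newpw=$(openssl rand -base64 18)
    rm -f "$VAULT/$1".*.enc
    for pub in "$VAULT"/*.pub; do
        user=$(basename "$pub" .pub)
        printf '%s' "$newpw" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
            -pkeyopt rsa_padding_mode:oaep -out "$VAULT/$1.$user.enc"
    done
    unset newpw
}

fetch() {   # fetch SYSTEM USER PASSPHRASE: fails on wrong passphrase or missing key
    PP="$3" openssl pkeyutl -decrypt -inkey "$VAULT/$2.key" -passin env:PP \
        -pkeyopt rsa_padding_mode:oaep -in "$VAULT/$1.$2.enc" 2>/dev/null
}

revoke() {  # revoke USER: destroy the key pair and every copy encrypted to it
    rm -f "$VAULT/$1.key" "$VAULT/$1.pub" "$VAULT"/*."$1".enc
}

enroll alice 'constructed alice passphrase'
enroll bob 'constructed bob passphrase'
store db01
old=$(fetch db01 bob 'constructed bob passphrase')
revoke bob      # bob can no longer decrypt anything held on the server...
store db01      # ...but he has already seen $old, so rotate on demand
new=$(fetch db01 alice 'constructed alice passphrase')
if [ "$old" != "$new" ]; then echo "bob revoked, db01 password rotated"; fi
```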


