[unisog] Password Management or Vaults

Russell Fulton r.fulton at auckland.ac.nz
Mon Feb 20 20:02:48 GMT 2006

Mayne, Jim wrote:
> We are looking into the feasibility and security of password management
> or vaulting software. Does anyone have any experiences and
> recommendations, especially across multiple operating systems and
> applications?
Us too.  We got as far as doing a design but management decided that
they had other priorities :(

Products like Password Vault or Password Safe (while excellent for what
they are intended for) don't meet our requirements.  We need something
that will share a vault or safe amongst a number of users and provide a
full audit trail of who used what and when.  We also would like the
ability to change passwords built into our system; even better, the
ability to automate this on a schedule.

What we are looking for is something that will allow us to manage all
the root/administrator passwords which should only ever be used for
emergency access, as our policies say that admins should log in on their
own accounts normally.

As a first step we planned a web-based system that used PGP to encrypt
passwords with the keys of those who needed them.  Second phase would be
a 'native' client written in Perl or Ruby with a Password Safe-like
interface and the ability to transfer the password directly to the
clipboard.  This version would be accessed via HTTPS but would do away
with the need to hold the users' private keys on the server (we are well
aware of the risk of this but we decided to go this way for a start in
order to get something going quickly).
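
The requirements in the message above (a vault shared among several users, a record of who used what and when, and password changes on a schedule), sketched as an added example that is not part of the original post. The class and method names, the 90-day interval and the hash-chained log are assumptions of this example, and encryption of the stored secrets (PGP in the poster's planned design) is left out.

```python
import hashlib
import json
from datetime import timedelta

class SharedVault:
    """Hypothetical model: per-entry ACL, hash-chained audit log, rotation schedule."""

    def __init__(self, max_age_days=90):          # 90 days is an assumed policy value
        self.entries = {}                          # name -> secret, acl, last change time
        self.log = []                              # append-only audit records
        self.max_age = timedelta(days=max_age_days)

    def _audit(self, who, what, action, when, ok):
        # Each record carries the digest of the previous one, so an edited
        # or deleted record breaks the chain (tamper evidence, an addition here).
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        rec = {"who": who, "what": what, "action": action,
               "when": when.isoformat(), "ok": ok, "prev": prev}
        rec["digest"] = hashlib.sha256(
            json.dumps(rec, sort_keys=True).encode()).hexdigest()
        self.log.append(rec)

    def store(self, who, name, secret, acl, when):
        self.entries[name] = {"secret": secret, "acl": set(acl), "changed": when}
        self._audit(who, name, "store", when, True)

    def checkout(self, who, name, when):
        entry = self.entries.get(name)
        ok = entry is not None and who in entry["acl"]
        self._audit(who, name, "checkout", when, ok)   # denied attempts are logged too
        if not ok:
            raise PermissionError(f"{who} may not read {name}")
        return entry["secret"]

    def due_for_rotation(self, now):
        # Entries whose password is older than the policy interval.
        return sorted(n for n, e in self.entries.items()
                      if now - e["changed"] > self.max_age)

    def log_intact(self):
        prev = "0" * 64
        for rec in self.log:
            body = {k: v for k, v in rec.items() if k != "digest"}
            digest = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            if rec["prev"] != prev or rec["digest"] != digest:
                return False
            prev = rec["digest"]
        return True
```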


