[unisog] Password vaulting

Trevor Odonnal trevoro at byu.edu
Tue Feb 19 16:04:12 GMT 2008


Hi all.  I have been asked by management to do some asking around to see if anybody out there is currently using any sort of "password vault" solution to manage administrative privileges to secure systems.

For those who may not be familiar with this term, a password vault is a system that vaults administrator or root passwords in either a physical vault, or electronic secure storage.  When an individual needs root or admin access to a secure system, he or she must have a valid work order or change control number to request the access.  The password is removed from the vault and provided to the individual for a specific amount of time.  At the end of this time period, the password is changed and re-vaulted.

The obvious question is "Why not just assign admin or root authority to the user's account?"  That is the usual procedure.  However, there are times when engineers need full root access to a system to perform their duties, or emergencies arrive when the privileges are needed right away.

So, is anybody using a system like this?  If so, what are you doing and how well is it working?  What kinds of political issues have you had to deal with?  Thanks in advance!

Trevor O'Donnal CISSP, CCFS, GREM
Network Security Analyst
Brigham Young University
(801) 422-1477
trevoro at byu.edu
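
The check-out cycle described in the message above (a ticket is required, the password is released for a fixed time, then changed and re-vaulted) is shown here as an added Python example that is not part of the original post. The class name, ticket IDs, in-memory storage and injectable clock are assumptions made for illustration.

```python
import secrets
import time

class PasswordVault:
    """In-memory model of the vault workflow; names and storage are hypothetical."""

    def __init__(self, valid_tickets, clock=time.time):
        self._valid_tickets = set(valid_tickets)  # stand-in for a change-control system
        self._clock = clock                       # injectable so expiry can be tested
        self._passwords = {}                      # system -> currently vaulted password
        self._leases = {}                         # system -> (user, ticket, expires_at)
        self.audit = []                           # (time, event, system, user, ticket)

    def _log(self, event, system, user=None, ticket=None):
        self.audit.append((self._clock(), event, system, user, ticket))

    def enroll(self, system):
        self._passwords[system] = secrets.token_urlsafe(24)
        self._log("enroll", system)

    def checkout(self, system, user, ticket, ttl_seconds):
        self.expire_leases()
        if ticket not in self._valid_tickets:
            self._log("denied_bad_ticket", system, user, ticket)
            raise PermissionError("no valid work order or change control number")
        if system in self._leases:
            self._log("denied_in_use", system, user, ticket)
            raise RuntimeError("password is already checked out")
        self._leases[system] = (user, ticket, self._clock() + ttl_seconds)
        self._log("checkout", system, user, ticket)
        return self._passwords[system]

    def expire_leases(self):
        """Change and re-vault every password whose release period has ended."""
        now = self._clock()
        for system, (user, ticket, expires_at) in list(self._leases.items()):
            if now >= expires_at:
                # A real vault would also set the new password on the target system.
                self._passwords[system] = secrets.token_urlsafe(24)
                del self._leases[system]
                self._log("rotate_and_revault", system, user, ticket)
```

The audit list ties every release and rotation to a user and a ticket, which is the record a reviewer would consult after an emergency access.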


