[unisog] Password vaulting

Buhrmaster, Gary gtb at slac.stanford.edu
Tue Feb 19 17:35:45 GMT 2008


> Hi all.  I have been asked by management to do some asking 
> around to see if anybody out there is currently using any 
> sort of "password vault" solution to manage administrative 
> privileges to secure systems.

I once encountered a low tech solution.  A sealed envelope
in the datacenter inside a box stored in a well known location
(along with a copy of other recovery procedures and 
documentation, such as contacts, contract numbers, etc.)
During those days of a 24/7 operations staff, it was simple
to have control over access, and a process to change the
password and place the new password back into a new sealed
envelope.  Including humans (rather than just technology)
in the loop was necessary at the time, but I recommend it
today (as humans can make judgement calls as to when
procedures should be damned).  I have no idea if that
datacenter still has 24/7 staffing (I doubt it), nor if
they still use a similiar approach (again, probably not).

Gary




More information about the unisog mailing list