[unisog] Password vaulting

Buhrmaster, Gary gtb at slac.stanford.edu
Tue Feb 19 21:04:56 GMT 2008


> One place I know also used a fairly simple solution.  All
> root/administrator/etc password where stored in a text file 
> encrypted with PGP/GPG.  

While a good solution to storing and sharing the
password(s) among many people, it is not, strictly
speaking, a "password vault" as the original requestor
was referencing it, since anyone in the list can look
at the password at any time, and it is not changed
after (limited time) usage (unless you add in some
additional technology around it).  Since the (typically
root) password is (or can be known) to many people at
the same time, one loses the accountibility that a more
strict interpretation (and implementation) of a
"password vault" can provide.  If you need that
level of accountability (which should not be taken
as a given).



More information about the unisog mailing list