[unisog] Password Vaults

Trevor Odonnal trevoro at byu.edu
Mon Oct 6 20:24:56 GMT 2008

We are in the process of suggesting the use of an electronic password vault solution to manage access to root and administrator passwords for servers, network devices, etc.  Our hope is to have the software manage the passwords in such a way that the custodian doesn't need to see the password at any time.  Specifically, we are looking for the following features:

1. The software stores the password in an encrypted format.
2. The software changes the password automatically when it is checked back in to the vault.
3. Users must follow a clear approval procedure with oversight before being granted access to the password.
4. And of course, logging.

There are other things we are looking for but these are the main requirements.  The problem we are having is convincing upper management that the technology is mature enough to be trusted with this kind of role.  They are concerned as to what might happen should the vaulting solution fail in some way and we have no way to access the systems.

So my question is, have any of you implemented anything along these lines? If so, how is it working for you?  How is the stability and reliability of the solution you implemented?  Do you have concerns about system failure?  Thank you in advance to all who respond.

Trevor O'Donnal CISSP, CCFS, GREM
Network Security Analyst
Brigham Young University
(801) 422-1477
trevoro at byu.edu
