[TriLUG] Password Security

[Andrew C. Oliver]

Ron Joffe wrote:
> So this is one of those age old questions, but it seems to keep coming back:
> 
> How do you store your passwords ?
> 

LDAP... but my personal passwords I keep in Tomboy notes :-)...  My wife 
handles all the financial stuff and if you get to my Tomboy notes then 
you've already stolen or cracked my laptop so I have a much bigger 
problem than you stealing the password to bugzilla :-)

> 
> Now what do you do when you have to keep a list of passwords sync'd between a 
> set of support technicians ?
> 

This is a REALLY bad idea procedurally to share a set of passwords 
between users if that is what you mean.

> What do you think is the best way to keep a long list of usernames/passwords, 
> etc. ? When someone needs to give you a password, how do you transfer it? 
> Email, IM, Phone, Snail Mail ?
> 

This is exactly what LDAP was made for BTW.  There are specs for 
replication, it already integrates with your email, PAM, etc.  The only 
problem is that most commercial ldap servers are piles of poo.  This 
isn't LDAP's fault but a common parentage with a certain university's 
internal project...And the internal software of most universities is 
also poo.

-Andy

> Thanks,
> 
> Ron
> 
> 
> 
> 


-- 
Buni Meldware Communication Suite
http://buni.org
Multi-platform and extensible Email,
Calendaring (including freebusy),
Rich Webmail, Web-calendaring, ease
of installation/administration.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3629 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.trilug.org/pipermail/trilug/attachments/20070723/254fbebf/attachment.bin>