[TriLUG] Password Security

Jason Tower jtower at cerient.net
Mon Jul 23 14:46:42 EDT 2007


1. sudo.  if someone needs to change a root pw for any reason, let 'em.  it can 
always be changed later by another admin with sudo.  i don't even know the root 
passwd on many of the servers i admin.

2. ssh key in /root/.ssh.  no need for a password at all and works for multiple 
users, although if a private key was compromised you'd have a problem.  assumes 
connections are generally made from the same host.

3. wiki with ACLs over https.  good for misc auth info like websites where sudo 
and ssh keys don't apply.  just make sure the db that powers it is secure as well.

Ron Joffe wrote:
> On Monday 23 July 2007 14:28, Andrew C. Oliver wrote:
>>> Now what do you do when you have to keep a list of passwords sync'd
>>> between a set of support technicians ?
>> This is a REALLY bad idea procedurally to share a set of passwords
>> between users if that is what you mean.
> 
> I have 4 people responsible for after hours support on a growing number of 
> client systems. Could you please post your suggestions as to how they all 
> should gain privs on those servers? I have my own ideas, but rather than 
> taint your answer, I would like to get a fresh perspective.
> 
> Thanks,
> 
> Ron
> 
> 
> 
> 
> 
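
Item 2 above (one /root/.ssh/authorized_keys serving several admins), as an added example that is not part of the original message: a Python audit that lists each key's owner comment and SHA256 fingerprint, so a compromised key can be identified and removed, and flags entries with no owner comment, no from= host restriction, or a duplicated key. The function names and the sample file are constructed for illustration.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # OpenSSH key type names
def split_outside_quotes(text, seps):
    """Split on any char in seps, except inside double-quoted option values."""
    parts, quoted = [""], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("")
        else:
            parts[-1] += ch
    return [p for p in parts if p]

def fingerprint(blob_b64):  # same form that `ssh-keygen -l` prints
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """Return (line_no, owner, fingerprint, problems) for each key line."""
    rows, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        f = split_outside_quotes(line.strip(), " \t")
        if not f or f[0].startswith("#"):
            continue
        i = next((k for k, t in enumerate(f) if t.startswith(KEY_PREFIXES)), None)
        if i is None or i > 1 or i + 1 >= len(f):
            rows.append((n, "", "", ["unparsable line"]))
            continue
        opts = split_outside_quotes(f[0], ",") if i == 1 else []
        owner, fp, problems = " ".join(f[i + 2:]), fingerprint(f[i + 1]), []
        if not owner:
            problems.append("no comment: owner unknown")
        if not any(o.startswith("from=") for o in opts):
            problems.append("no from= restriction")
        if fp in seen:
            problems.append(f"same key as line {seen[fp]}")
        seen.setdefault(fp, n)
        rows.append((n, owner, fp, problems))
    return rows

# Constructed sample file: the base64 blobs are stand-ins, not real keys.
SAMPLE = '''from="10.0.0.5" ssh-ed25519 YWxpY2U= alice@support
ssh-ed25519 Ym9i bob@support
from="10.0.0.5",command="echo a b" ssh-ed25519 Y2Fyb2w=
ssh-ed25519 Ym9i dave@support
'''
print(*audit(SAMPLE), sep="\n")
```

With one labelled key per admin, revoking a compromised key means deleting the single line whose fingerprint matches, without touching the other admins' access.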


