[119441] in North American Network Operators' Group
Re: Password repository
daemon@ATHENA.MIT.EDU (Dan White)
Thu Nov 19 02:12:41 2009
Date: Thu, 19 Nov 2009 01:11:59 -0600
From: Dan White <dwhite@olp.net>
To: Randy Bush <randy@psg.com>
In-Reply-To: <m2y6m3m39l.wl%randy@psg.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 19/11/09 15:34 +0900, Randy Bush wrote:
>> Quick question, does anyone have software/combination of tools they
>> recommend on centrally store various passwords securely?
>
><old school>
>
>ascii text file, gpg encrypted, only opened with emacs crypt++.el
From the network administrator perspective, we prefer to use a 3rd
party/central authentication system where feasible, to reduce the number of
passwords entries in our network from Users*Systems to
Users*Security_Domains, and keep a gpg encrypted file (and a physical copy)
in a safe location of rarely used admin/root passwords that we only
need in an emergency (e.g. when RADIUS goes down).
--
Dan White
