[88535] in North American Network Operators' Group
Re: Password Security and Distribution
daemon@ATHENA.MIT.EDU (Andy Davidson)
Thu Feb 9 08:03:13 2006
Date: Thu, 9 Feb 2006 12:59:10 +0000
From: Andy Davidson <andy@nosignal.org>
To: Jeremy Stinson <laxplayer@earthlink.net>
Cc: nanog@merit.edu
In-Reply-To: <22796561.1138117725749.JavaMail.root@elwamui-cypress.atl.sa.earthlink.net>

Hi,

Embarrassingly late reply; I've been away.

On Tue, Jan 24, 2006 at 10:48:45AM -0500, Jeremy Stinson wrote:
> We are in the need for a better mechanism for sharing passwords between our
> engineers. Most of these passwords are for our client's systems where some
> of them are controlling the password schemes (aka requiring shared user
> accounts).
[...]
> In other companies we have used a PGP keyring to secure a text file that
> contained all of these passwords and then put them onto a shared customer
> portal. The problem with this strategy is what happens if you are not
> on your computer where PGP is installed?

Encrypted text files are a nice way to go until you grow to the size
when people need very different levels of access, and centrally storing
a number of these files isn't good enough.

http://devel.pluto.linux.it/projects/Gringotts/ is what we use. If an
engineer is not at a desk where they have gringotts installed, use the
-d flag to use a console/interactive version of the software instead of
the usual GTK gubbins.

-a