Security Basics mailing list archives
Admin password management
From: mamo <mamo74 () gmail com>
Date: Wed, 20 May 2009 14:48:04 +0200
Hi all. I am responsible for the security of a small ISP. I need to manage the admin password of all the machine of the ISP (around 200 system mainly with linux, windows and solaris OS). By admin user I mean stuff like root, oracle, Oracle sys, MSsql SA, Bea admin password etc. We have a policy that require users to authenticate with nominal username/password (and sudo on UN*X) but there are situations where accessing with admin password is required, but it is not acceptable to share the password with all the group that work on IT Assurance activity. I would like to have a product that: - Log who take what password - Log who change the password - Permit to generate a new random password - Have a "decent" security - Permit to profile who can see what password (it is not mandatory) - Permit to add a note to the activity (why the users had the need to take the admin password) I am looking for a product that will be used by around 50-100 people that manage the ISP (not like keepass or password safe where the user has the encrypted db with all the password on the PC). I would appreciate to be able to do this activity with Open Source product, but I can evaluate also commercial product. Do you have any experience to share of product that match may description? Thank you. Mamo ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Admin password management mamo (May 20)
- RE: Admin password management Cornwell, Kay (NIH/NIGMS) [E] (May 21)
- RE: Admin password management Cisternas Marquez, Gonzalo (May 21)
- Re: Admin password management Aarón Mizrachi (May 21)
- <Possible follow-ups>
- Re: Admin password management grady (May 21)
- Re: Admin password management Zhihao Tan (May 22)
- RE: Admin password management Valentin Fernandez Bolland (May 22)
- Re: Admin password management Zhihao Tan (May 22)