Security Basics mailing list archives

Re: enterprise password manager


From: martin <martiniscool () gmail com>
Date: Wed, 30 Sep 2009 22:00:38 +0100

Hi All

Apologies for the late reply - unfortunately I don't get to devote as
much time to this list as I'd like to.

First off, thanks to everybody for all the replies and suggestions,
very much appreciated.

Secondly, I think my subject line was probably a little misleading.
I'm not looking for an IDM/SSO solution.  I am actually looking for a
utility to securely store passwords and manage who has access to them.
 While I don't agree with "storing" passwords, I've learnt over the
years that in some cases it's inevitable.  We currently have lists of
passwords for various different customers (such as Domain Admin
passwords, root passwords, DSRM passwords, fw/router/switch logons
etc) as well as firewall/router/switch/etc config files ... which of
course contain passwords, SNMP community names etc etc

Currently we store the passwords in excel sheets and config files in
text files which are stored on our windows file server.  Although the
security to these files is locked down to a certain extent, I still
don't personally feel that it's a good method of doing things.
Windows permissions do not let me grant security based on multiple
groups. For example, I may only want the site manager for customer A
to have access to the firewall config files (and passwords) (just as
an example). I have a security group for everybody based at Customer
A, and I have a group for site managers.  But there's no way in
Windows to say that you have to be a member of BOTH groups in order to
access a particular file.  This is just one example of where I think
we're lacking a certain amount of control, but this isn't the only
one.

I've looked at the examples above, but the Password Manager Pro
software looks quite complicated and is a bit outside our budget for
something like this.  Surely I'm not the only one in this position ?
How do other companies manage these types of confidential info ?  Or
am I just being too fussy ?

Does anybody have any other suggestions other than the ones above ?
Or do I just need to start looking at standard password manager apps
?

thanks again for any additional guidance anybody can provide
M
