Educause Security Discussion mailing list archives
Re: Password Vaulting
From: Dave Koontz <dkoontz () MBC EDU>
Date: Tue, 7 Oct 2008 13:05:50 -0400
I have been looking similar software for a while now. For those running products like this, how do you ensure your passwords are always available? For instance, if the server running this application crashes, what options do you have to get passwords to your other systems? Particularly if you have the software automatically changing passwords on all the systems it maintains. Roberts, Chris wrote ... (10/7/2008 12:41 PM):
Dear Joseph, We use ManageEngine's Password Manager Pro to centrally store and audit administrative passwords. We've been very impressed with the functionality for the price. For example, we're using its APIs with our unattended server builds, to ensure that the admin password is set at install time, and never divulged to the administrator. This ensures all use of the local admin accounts is audited. I'd be happy to give more details if it would help. Regards, Chris *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Joseph Corey *Sent:* 06 October 2008 22:13 *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Password Vaulting Hi Jerry, We've been using Enterprise Random Password Manager by Lieberman Software for about eight months now and it has served our needs wonderfully. They've made great strides with their most recent release. It supports the storage and automatic randomization of Windows, Mac, *nix, Cisco equipment, and many more passwords. They now support the storage of the private key on an HSM module and support integration with RSA OTPs. There are a few downsides like needing local admin rights on the server to administer the Win32 app, but all of the password requests, approvals, and retrieval happen through the website. You only need the Win32 app when adding new accounts/passwords. If you have specific questions about the product or would like a contact there, feel free to contact me off-list. *Joseph T. Corey */MCSE, Security/+ *Systems Administrator* *jcorey () cmu edu <mailto:jcorey () cmu edu> * *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Jerry Sell *Sent:* Monday, October 06, 2008 4:53 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Password Vaulting We are trying to get electronic vaulting of root and root equivalent passwords in place. We are receiving kickback from upper management, because they are not comfortable with the technology. If you are currently using electronic password vaulting we would appreciate a response. We would like to know what product you are using, is it successful, any horror stories, would you recommend it to others. Thank you, Jerry Sell, CISSP Security Analyst Brigham Young University (801)422-2730 Jerry_Sell () byu edu <mailto:Jerry_Sell () byu edu>
-- *Dave Koontz* (MCSE/GCIH) Associate Director Computer & Information Services *Mary Baldwin College* Email: dkoontz () mbc edu Phone: (540) 887-7399 <http://www.mbc.edu/>
Current thread:
- Password Vaulting Jerry Sell (Oct 06)
- <Possible follow-ups>
- Re: Password Vaulting Joseph Corey (Oct 06)
- Re: Password Vaulting Roberts, Chris (Oct 07)
- Re: Password Vaulting Dave Koontz (Oct 07)
- Re: Password Vaulting Roberts, Chris (Oct 08)
- Re: Password Vaulting Russell Fulton (Oct 13)