On Sat, May 14, 2011 at 10:49:27PM -0400, Greg R spake thusly:
> On Sat, 14 May 2011 19:44:42 -0400, Tracy Reed <[email protected]>
> > What do you mean by "root password prefix"?
>
> I ran into something like this before. The password is an acronym with
> substitutions:
>
> "Fred is no longer working here April 9th" = F1NLw#49

Implemented that way, it really doesn't seem so bad and I do similar, although I wonder how many then go on to use that same "secure" password on multiple systems.

I was thinking it might be something like what one shop I am familiar with does:

    "Fred Is Fired" = FIF
    mailserver password = FIF_mail
    fileserver password = FIF_file
    database password = FIF_data

and so on. The prefix (same on every machine) then an underscore followed by the first four letters of the hostname.

For the record, I recognize this as a really bad idea. They are even an e-commerce shop so credit card data is involved. I am working on getting this changed but they have been told "never write down passwords," so there has been resistance.

There are password keeper programs which use a master password to encrypt the list of passwords but those work better for personal use: if we have to change or add a server root password I don't want to have to get everyone to update their personal lists.

I am leaning towards a GPG encrypted file on an internal server somewhere as is my standard practice, although if The Boss, who has no command line skills, wants access to it also for purely territorial reasons as he has no legitimate reason, that may be an issue.

I'm sure this is a common problem. What do the rest of you do?

--
Tracy Reed
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
