2012/6/26 Michael C Tiernan <[email protected]>:
> ----- Original Message -----
>> From: [email protected]
>
>> auditing release of the password (who got the password when, and who
>> approved it)
>
> One of the things that I never hear discussed during conversations like this
> is how exceptions are handled. Some of the exceptions I'd want to hear
> discussed include:
>
> How business continuity is maintained across catastrophic events.
>
> How, when everything else has hit the fan, can "I" a "trusted admin" working
> in the data center get access into our systems where even the networking is
> down? There are times that in preparation of bringing up the data center from a
> dead stop, I need to log into some systems and run fsck's (or other such
> tasks) before everything else is live.

Been there. Loved Quest VAS coredumping without networking rendering the
local root password useless.

> Can I, after getting the root password of a system in an emergency, flag a
> password as "exposed" but not "compromised" requiring the password to be
> changed and re-synced at the next possible opportunity when "normal"
> operation has been restored.

Love this!!!! I'll think about that. Flagging the password as exposed is
really a nice idea.

Two real world mechanisms I saw

a) trusted admin is authorized to break system via single user mode.
This worked for years(!!!!) without ever needing to know the root pw.
It also ensured it was changed back at some point because people would
miss their root :>
Of course the extra reboots and risk cost money.

b) password in envelope safe. The key here was to not be allowed to open
the safe. Someone handed the envelope out.
This is very failure prone. The password in the envelope will not always
match the one in the server. There will not always be a password for the
server you need one for. There is a good chance you'll need the password
for the same server a few years later, and it will still be missing or,
worse, the same.

I think the rule here is to avoid having processes made by people that
don't have to be awake / around when it all comes down in flames.
Because then they'll never implement the part where they have to adjust
things.

> Is there a way to generate password displays using clear concise (unambiguous)
> language for reading over the phone or other verbal exchange including,
> should it be required, printing. (i.e. Password=bwFq display as
> "[bravo][whisky][FOXTROT][golf]")

Passwords made with APG are quite useful there, it also prints the
verbal version at generation time. Of course that doesn't make a tool
yet.

In my toyground I have some freaking crazy appliance from a shop named
IMPRIVATA that seems to do a professionalized version of password
management, up to where two people have to "sign off" your logging in.
Of course, that also isn't great once everything is broken.

Florian

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
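
The "exposed" versus "compromised" flag, the release audit trail and the envelope failure modes discussed in the message above, modelled as an added Python example that is not part of the original thread. All class, field and function names are hypothetical, and tracking the envelope by a rotation counter is an assumption of this example.

```python
# Added illustration; every name below is hypothetical.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

class State(Enum):
    SEALED = 0       # nobody has seen the current password
    EXPOSED = 1      # released in an emergency; rotate once normal operation is back
    COMPROMISED = 2  # assumed known to an attacker; rotate first

@dataclass
class RootCredential:
    host: str
    generation: int = 1           # bumped on every rotation
    escrow_generation: int = 0    # generation sealed in the envelope, 0 = no envelope
    state: State = State.SEALED
    audit: list = field(default_factory=list)

    def _log(self, event, **details):
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.audit.append({"when": stamp, "event": event, **details})

    def release(self, admin, approver, reason):
        """Break-glass handout: record who got it, who approved, and flag it."""
        if self.escrow_generation != self.generation:
            raise LookupError(f"{self.host}: envelope is missing or stale")
        if self.state is State.SEALED:
            self.state = State.EXPOSED
        self._log("release", admin=admin, approver=approver, reason=reason)

    def mark_compromised(self, reporter):
        self.state = State.COMPROMISED
        self._log("compromised", reporter=reporter)

    def rotate(self, operator):
        """New password set on the host and a fresh envelope sealed."""
        self.generation += 1
        self.escrow_generation = self.generation
        self.state = State.SEALED
        self._log("rotate", operator=operator)

def rotation_queue(creds):
    """Credentials that still need a change, compromised ones first."""
    pending = [c for c in creds if c.state is not State.SEALED]
    return sorted(pending, key=lambda c: (-c.state.value, c.host))

def stale_envelopes(creds):
    """Hosts whose envelope is missing or does not match the live password."""
    return sorted(c.host for c in creds if c.escrow_generation != c.generation)
```

Running `stale_envelopes` over the inventory during normal operation surfaces the mismatched or missing envelopes before the emergency in which they would be needed.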
