Brian LaMere wrote:
> Anyone know of an open-source password repository utility for linux?
I just use a crypto-loop mounted encrypted filesystem containing a text file with the usernames and passwords in it.
> We have ~150 separate root passwords to keep track of, and our current
I solve this problem by getting rid of root passwords. Nobody should be using them. There is no accountability. Configure and use sudo instead. I put a * in the password field of root in /etc/passwd.
> Note that this isn't for general accounts, so ldap/nis/etc isn't valid; we've just got a lot of root passwords to keep track of, and they all have to be different.
If ldap etc would be valid for general accounts this would be another reason to do away with root passwords.
> Currently, about 12 hours is spent every 6 weeks, changing passwords.
I am also generally against gratuitous changing of passwords as it causes the problem you mention here without adding any real security. If someone has compromised the password the server is already owned and changing the password now won't do any good. If the password hasn't been compromised (and it was a well chosen password to begin with) you really have little to worry about.
But really I would recommend just writing down the root passwords and storing them in a safe place like your office or in the server room. If you don't have physical security you don't have any security anyway, right? So if it's good enough for storage of the physical machines it is good enough for storage of the written root passwords.
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
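
Added example, not part of the original post: a small audit of the approach described above (a * in root's password field), which classifies how every UID-0 account authenticates from passwd and shadow text. The function names and the sample file contents are constructed for illustration; on a real host the inputs would be the contents of /etc/passwd and /etc/shadow.

```python
"""Classify how every UID-0 account authenticates, from passwd/shadow text."""

# Constructed sample data, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor::0:0:backup root:/root:/bin/sh
admin:*:0:0:legacy admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:*:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""


def classify(field):
    """Map a password field to 'empty', 'locked' or 'hash-set'."""
    if field == "":
        return "empty"          # no password required: worst case
    if field[0] in "*!":
        return "locked"         # cannot match any crypt(3) output
    return "hash-set"           # a password login is still possible


def uid0_password_states(passwd_text, shadow_text=""):
    """Return {account: state} for every account whose UID is 0."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    states = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7 or parts[2] != "0":
            continue            # malformed line, comment, or not UID 0
        name, field = parts[0], parts[1]
        if field == "x":        # "x" defers to the shadow file
            if name not in shadow:
                states[name] = "missing-shadow-entry"
                continue
            field = shadow[name]
        states[name] = classify(field)
    return states


if __name__ == "__main__":
    for account, state in uid0_password_states(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{account}: {state}")
```

Any UID-0 account reported as "empty" or "hash-set" can still log in or su without going through sudo, so it bypasses the accountability the post is after.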
