On 5/7/06, Ingo Schwarze <[EMAIL PROTECTED]> wrote:
Siju George wrote on Sat, May 06, 2006 at 09:31:39AM +0530:
> On 5/6/06, Bob Beck <[EMAIL PROTECTED]> wrote:
>> somebody asked:
>>> How do you people store passwords in OpenBSD if you have so many of
>>> them and would need to copy one of them to a password prompt while
>>> others are around you watching your screen?
>> (ahem) I simply wouldn't do this. it's stupid. [....]
>> This would fall under the category of
>> DON'T WRITE YOUR PASSWORD DOWN ANYWHERE!
> Just taking a rough Estimate I need to remember about 70 passwords [...]

This kind of setup does not seem very convincing to me in the first
place... When running large numbers of servers, wouldn't it be a
better policy to

1) have each server admin generate one RSA key with a strong personal
   passphrase on one properly configured and closely controlled
   central login server;
2) have admins login to the various other servers using this key only
   and from this central server only, disabling password access for
   admin accounts even when allowing password access for user accounts;
3) grant admin users sudo access as required on each individual host.

In case you are serving 70 different clients, you could do essentially
the same thing, except that you would use one of your personal machines
having permanent internet access in place of the login server mentioned
in 1).

Yes Ingo it is a very good plan. :-)
Thank you so much.

Kind Regards

Siju
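
An added example, not part of the thread: a small check that a host's sshd_config matches point 2 of the plan quoted above (key-only login for admin accounts while ordinary users may keep passwords). It assumes admins are members of a group named "wheel" and models only literal "Match User" and "Match Group" criteria; the account names and both sample configs are constructed.

```python
# Added example, not from the thread. Assumptions: admins are in group "wheel";
# only "Match User"/"Match Group" with literal names are modelled. A block using
# any other criterion (Address, Host, ...) is treated as not matching.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse(text):
    """Split sshd_config text into global settings and ordered Match blocks."""
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "match":
            words = value.split()
            crit = {words[i].lower(): words[i + 1].split(",")
                    for i in range(0, len(words) - 1, 2)}
            current = {}
            blocks.append((crit, current))
        else:
            # sshd keeps the first value it obtains for a keyword
            target = glob if current is None else current
            target.setdefault(key.lower(), value.strip().lower())
    return glob, blocks

def effective(keyword, parsed, user, groups):
    """First matching Match block wins, then the global section, then the default."""
    glob, blocks = parsed
    for crit, settings in blocks:
        hit = all((name == "user" and user in vals) or
                  (name == "group" and set(groups) & set(vals))
                  for name, vals in crit.items())
        if hit and keyword in settings:
            return settings[keyword]
    return glob.get(keyword, DEFAULTS[keyword])

def audit_admin(text, user="alice", groups=("wheel",)):
    """Return findings where the config departs from key-only admin login."""
    parsed, findings = parse(text), []
    for kw in ("passwordauthentication", "kbdinteractiveauthentication"):
        if effective(kw, parsed, user, groups) != "no":
            findings.append(kw + " is still enabled for admin accounts")
    if effective("pubkeyauthentication", parsed, user, groups) != "yes":
        findings.append("pubkeyauthentication is disabled for admin accounts")
    return findings

# Constructed sample configs
WEAK = "PasswordAuthentication yes\n"
HARDENED = ("PasswordAuthentication yes\nMatch Group wheel\n"
            "    PasswordAuthentication no\n    KbdInteractiveAuthentication no\n")
```

The "from this central server only" part of point 2 is not covered by this check; it is normally enforced separately, for example with a from= restriction on each admin's entry in authorized_keys.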

