Sean wrote:
Hi All,

I'm needing to set some passwords for a couple dozen servers and a whole bunch of clients (1000+). And I was wondering what the best way to go about it is. How do you guys/gals go about creating passwords for servers? Do you use the same for each service, like do you use the same password for MySQL as you do for the machine? Do you just come up with the passwords? Or do you use a password generator?

I generally use a different password for each service. This can mitigate some damage in case of compromise. Also it allows me to give the MySQL root password to web devs without giving them the machine root.

For infrequently used passwords I use a password generator (APG, http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html).
For more frequently used passwords I make one up.

Also, for many servers or devices I centralize authentication whenever possible, e.g., RADIUS for devices like switches, routers, firewalls. I have plans to implement either LDAP or Kerberos for general server authentication.

--lonnie

_______________________________________________

UPHPU mailing list
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net