[TriLUG] Password Security
Andrew C. Oliver
acoliver at buni.org
Mon Jul 23 14:28:06 EDT 2007
Ron Joffe wrote:
> So this is one of those age old questions, but it seems to keep coming back:
> How do you store your passwords ?
LDAP... but my personal passwords I keep in Tomboy notes :-)... My wife
handles all the financial stuff and if you get to my Tomboy notes then
you've already stolen or cracked my laptop so I have a much bigger
problem than you stealing the password to bugzilla :-)
> Now what do you do when you have to keep a list of passwords sync'd between a
> set of support technicians ?
This is a REALLY bad idea procedurally to share a set of passwords
between users if that is what you mean.
> What do you think is the best way to keep a long list of usernames/passwords,
> etc. ? When someone needs to give you a password, how do you transfer it?
> Email, IM, Phone, Snail Mail ?
This is exactly what LDAP was made for BTW. There are specs for
replication, it already integrates with your email, PAM, etc. The only
problem is that most commercial ldap servers are piles of poo. This
isn't LDAP's fault but a common parentage with a certain university's
internal project...And the internal software of most universities is
Buni Meldware Communication Suite
Multi-platform and extensible Email,
Calendaring (including freebusy),
Rich Webmail, Web-calendaring, ease
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3629 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.trilug.org/pipermail/trilug/attachments/20070723/254fbebf/attachment.bin
More information about the TriLUG