Slashdot Mirror

← Back to Stories (view on slashdot.org)

Managing Shared Passwords?

Posted by Cliff on from the why-human-brains-need-RAM dept.

What's My Passcode asks: "At the company where I'm consulting, several of our systems are being moved from the internal network to the DMZ. When we were internal, we could easily agree upon the "one" root password that would unlock all these systems, or use a logical progression where the root password was a secret word paired/mixed with the box name. Now that we no longer feel it's safe to have just one password, how do we keep track of shared passwords? I have searched Slashdot, and discovered this past question, but it was aimed more at the individual remembering their passwords. I've also tried wading through a series of Google and other searches, but gave up after several hours of useless and missing links. We can easily control who has accounts on the box, and who can use su, but in order to su you still need to know that root password. Sudo and similar won't cover what we need to do."

"I'm curious what other folks have done. I know I could create a database and store all these things in there, but I'm not real happy about storing a database of passwords in case that box gets cracked (internally, which has happened to several servers already -- and it looks like one of the new businesses that Big Corporation bought is doing a little espionage), or in case one of the hardware guys finds it. (The corporation demands that hardware work be done by the hardware guys, OS work by the OS guys, and us application guys deal with applications.) The OS guys are comfy not knowing root, but I frankly don't trust some of the hardware guys, who will be the ones taking the boxes offline at regular intervals for preventive maintenance. The OS guys all rely upon phyisical access to the box, and they keep a sheet of paper locked up with all the passwords scribbled on it.

I've also considered a Palm Pilot db, with encryption, but the ones I've tried all are aimed at personal password management, and some are cranky about being beamed around, even with L0pht's beamcrack.

3 of 18 comments (clear)

  1. Password safe by dkusters · · Score: 3

    Try out Password Safe available through Counterpane. It's from Bruce Schneier's company. Bruce Schneier is the author of Applied Cryptography, Secrets and Lies, CryptoGram newsletter, and the blowfish and twofish algorithms (one of which was an AES finialist). He has personally code audited the software, so I trust it.

    Have one password for the Password Safe and have it store the root passwords for your other computers. If you are very paranoid, keep the database on a floppy and lock the floppy in a safe when not in use.

    One downside, only Windows. But, a Linux version is coming Any Day Now (tm) (it'll be Open Source to boot!).

    Dave

  2. Keyring for PalmOS by jfunk · · Score: 3

    check out Keyring for PalmOS

    It used to be called GNU Keyring. I use it all the time. It's quick, stable, open source and all that other good stuff. It generates passwords for you based on settings you pick and works for encrypting notes as well.

    That way you don't have to worry about your hardware guys sticking a disk in a password server and brute-forcing any data.

    Before I had a Palm I used GPG to encrypt passwords. That's a decent solution, too, as long as you don't save a text version anywhere on your computer. I was also using loopback encryption for certain directories in my home directory. That way, even my private key, all of my encrypted passwords, and anything else sensitive is encrypted. If you're ultra-paranoid and you're the only user of your computer, you can loopback encrypt /tmp as well.

  3. why not sudo? by coyote-san · · Score: 4

    Maybe I missed something, but why aren't you already using sudo or something similar?

    In case you haven't heard of it before, sudo is a SUID program that gives you root access (or restricted root access, e.g., the ability shutdown the system or mount/umount disks, but no more) once you authenticate yourself with *your* password. You never use the actual root password.

    Sudo also logs all commands executed. This can save you a *lot* of grief when you're trying to figure out what you did wrong.

    Since each person must be named explicitly in a separate control file, it's easy to invalidate users as circumstances change. It's a lot easier to change one file on multiple systems than it is to get everyone to memorize new passwords.

    As for the root password, I've found it unnecessary to provide *any* root password - just put a "*" in the /etc/passwd and /etc/shadow fields. The *only* place you really need the root password is if you're running in single-user mode because the fsck failed on boot - and in that case you'll probably want to use a boot/root rescue kit anyway.

    If you want to keep a root password around anyway, it should never be routinely used. I personally favor the "write it on a card, put it in a sealed envelope, and (optionally) lock in in your boss's desk. Once you use it once, generate a new random password and repeat" approach.

    As others pointed out, none of this will stop anyone from getting into the system their own root disk. But if fear of immediate termination doesn't scare them off, it's easy to remove the floppy and CD-ROM drives.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken