Managing Shared Passwords?

What's My Passcode asks: "At the company where I'm consulting, several of our systems are being moved from the internal network to the DMZ. When we were internal, we could easily agree upon the "one" root password that would unlock all these systems, or use a logical progression where the root password was a secret word paired/mixed with the box name. Now that we no longer feel it's safe to have just one password, how do we keep track of shared passwords? I have searched Slashdot, and discovered this past question, but it was aimed more at the individual remembering their passwords. I've also tried wading through a series of Google and other searches, but gave up after several hours of useless and missing links. We can easily control who has accounts on the box, and who can use su, but in order to su you still need to know that root password. Sudo and similar won't cover what we need to do."

"I'm curious what other folks have done. I know I could create a database and store all these things in there, but I'm not real happy about storing a database of passwords in case that box gets cracked (internally, which has happened to several servers already -- and it looks like one of the new businesses that Big Corporation bought is doing a little espionage), or in case one of the hardware guys finds it. (The corporation demands that hardware work be done by the hardware guys, OS work by the OS guys, and us application guys deal with applications.) The OS guys are comfy not knowing root, but I frankly don't trust some of the hardware guys, who will be the ones taking the boxes offline at regular intervals for preventive maintenance. The OS guys all rely upon phyisical access to the box, and they keep a sheet of paper locked up with all the passwords scribbled on it.

I've also considered a Palm Pilot db, with encryption, but the ones I've tried all are aimed at personal password management, and some are cranky about being beamed around, even with L0pht's beamcrack.