Cross-platform Password Management?
Martin Blank writes "I work in a NOC, and one of the debates you will find in any strongly-mixed environment like this is preferred OS. We have people who prefer Windows, some who like Linux, and some who do almost everything on Solaris boxes. However, this also means that much software is not available over all three. With all of the servers, routers, and various other protected systems we have, the sheer quantity of passwords is mind-bogglingly difficult to keep track of in a secure fashion. Are there any packages out there right now running on at least Windows and Linux, and preferably also Solaris, that can access a central password file?"
My school (Mount Royal College) uses an LDAP database to store the users' passwords. It works with all their windoze boxes (95, 98, NT, 2000) AND their Red Hat system they teach programming on.
Might be worth a look. They use PAM on Linux, and Novell client on Windows, and the Mac.
God save our Queen, and Heaven bless The Maple Leaf Forever!
Have fun.
Pat
At University of Michigan they use Kerberos for (almost) everything. Basically only the Kerberos server has the passwords. I believe that when you want to log into a machine you actually get a ticket from the Kerberos server, and the ticket is what is used for authentication.
As a user I find it pretty convenient. I think it's pretty straightforward from an admin standpoint too, but I wouldn't know from experience.
I just attended a network security seminar at a small university in Virginia this past week. I manned the booth for my company, but between rush times I spent most of my time speaking with the people (sometimes competitors) from other booths. One of the engineers at another booth was kind enough to give me an RSA SecurID demo box with two key fobs and all the software I needed to set up a server.
Within an hour of arriving back at my hotel room, I had the software up and running (had to download the Win2K agent from the RSA website), and my login to my laptop was secured via SecurID. Once I arrived home last night, I set up the server on my home network, and now all of my workstations and server (Linux included!) are using RSA SecurID login.
You can run the server on NT/AIX/Solaris (probably more by now because I have an old kit), and there are agents out there for just about any operating system. In addition, you can have routers access the server as if it were a TACACS+ or RADIUS server.
Check the RSA website for more information. The part you'll care most about is the agents (client side of the equation), and I know for sure that there are agents available for Windows, Linux, and Solaris.
Good Luck!
-- Stu
/. ID under 2,000. I feel old now.
It is extremely cross-platform compatible
Sig: What Happened To The Censorware Project (censorware.org)
The thing you're looking for is called NIS. A vastly oversimplified explanation of NIS goes something like this: An NIS-capable host is a system where passwd and group information is kept, and subsequently "pushed" to other hosts. Users log into local machines, the local machines reference their latest NIS maps, and log you in based on that. It's not difficult to set up or maintain, no more difficult than handling localized passwords, at least. Look into it.
NIS is what Sun used to call YP, or Yellow Pages. Pick up a book on NIS administration, and knock yourself out.
I'm sorta surprised this ended up on Slashdot. You'd think that a predominantly Unix-reading crowd would have rejected this one flat out due to it being so obvious.
Bowie J. Poag