Original question:
Dear SMs,
What are your policies/procedures in archiving/storing root's
password?
When you, the administrator, gets stepped on by an ant :), how does
the operators or new administrator get hold of root's password?
When you restore an entire machine - like in disaster recovery or
period resurrection - how do you recall what a few months password
was? (you do change root's password quite often, don't you?)
Are there a way of electronically archive the password (in an
'envelope') and when the operator, fellow administrator, or your boss
has opened the envelope how do you get notified?
We just had a security audit and there are a few issues on root's
password we need to sort out.
Thanks
Answer:
One thing is for sure, there is no perfect way; it revolves around
trust and responsibility.
Most of the respondents keep their passwords in sealed paper envelopes
in either a safe/strongroom or locked away in their managers desk and
no operator has access to these passwords.
It probably makes sense for the manager to keep the passwords as they
are ultimately responsible for the machines although another method
was put forward by someone.
This method involves keeping the password in a sealed envelope locked
away with a trusted colleague. This colleague would have little or
nothing to do with the system. This way there are two entities that
have to concur about releasing the password.
A few respondents uses 'sudo' and the machine/console are in a
protected room with surveillance cameras to guard against any 'boot
cdrom -s'.
What about the following for a solution then:
root's password is encrypted with PGP on a stiffy (3 1/2" disk) and
locked away in a safe. Only management can open the safe and only a
trusted colleague's private key can decrypt the password. This way
there have to be collaboration with at least two people.
Thanks
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:42 CDT