Quote:
Originally Posted by id10t
Proper enterprise should have a single password and user, and use ldap, saml or other centralized auth for service. End result is I have two work passwords to remember - my current domain pw and the one for my ssh key
Shared passwords - root or other shared admin accounts etc - are in a shared password manager that has saml login controlling access
That is pretty much how we do it other than we use PMP for access to the servers and it uses a rolling password, that way we can audit who logged in by the access through PMP using their domain creds as opposed to their normal login creds.
Again, this isn't about the actual passwords, but is about people not having consequences for any behavior that puts the company at risk when they know better.