Password lockbox
With the advent of Sarbanes-Oxley, it seems everyone is hot to start changing their passwords on a regular basis. This is enough of a problem for people, but when systems need to use passwords to get things done automatically, it turns into a nightmare.
I started putting together a specification for a password “lockbox” that would handle this. It would have to be able to handle standalone machines that were their own security domain (e.g. Unix with local passwd file) or a group of machines that share the same password (e.g. NIS or AD). It would be nice if you could encode the password expiration policy and have the system automatically change the password for you so it wouldn’t expire. You’d want sophisticated ACLs to control who can see which passwords.
Yesterday I went to a presentation from a company about a product of theirs that seems to cover all of this and more: Cyber-Ark’s Enterprise Password Vault.
It’s not cheap, but on the old build-versus-buy continuum, I think this is one I’d rather buy.