[colug-432] password survey
Scott McCarty
scott.mccarty at gmail.com
Sat May 24 14:48:21 EDT 2014
Check out FreeIPA, it can do centralized key management for Linux/Unix. Supported versión comes with any Red Hat Enterprise Linus subscription.
Sent from my Verizon Wireless 4G LTE smartphone
<div>-------- Original message --------</div><div>From: Brian Miller <bnmille at gmail.com> </div><div>Date:05/24/2014 12:19 PM (GMT-05:00) </div><div>To: colug-432 at colug.net </div><div>Subject: Re: [colug-432] password survey </div><div>
</div>On 05/22/2014 06:52 PM, Scott McCarty wrote:
> For keys there are definitely guidelines. Here is an old article I wrote, but still very important data:
>
> http://crunchtools.com/ssh-keychain/
>
> See sections: Key Length & RSA vs. DSA
>
> Best Regards
> Scott M
>
So, my original post wasn't asking for policy guidance. I was looking
for examples of what people actually do. As part of a consolidation
effort, we are likely to have over 1000 UNIX/Linux servers under a
single management group. The proposed security standard wants us to
have 8+ characters, and to change them every 90 days. My initial
thought was that if I'm on the management team, they had better give me
at least one day every 3 months just to manage MY passwords, since there
is no initial plan to have centralized authentication with LDAP. And
have they planned enough manpower to handle user password change/reset
requests (estimating an average of 6 non-admin user accounts per
server)? I'm trying to argue that if we combine SSHD with tcpwrappers
(we are looking at a total of maybe 12 Class-C/B subnets from which
users would need to connect, and most servers would only need 3 or 4 of
them) that would effectively give us 2 factor authentication, so we
shouldn't have a need to change passwords at all.
But thanks for the links.
_______________________________________________
colug-432 mailing list
colug-432 at colug.net
http://lists.colug.net/mailman/listinfo/colug-432
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20140524/f3acb7ff/attachment-0001.html
More information about the colug-432
mailing list