[colug-432] password survey

Scott McCarty scott.mccarty at gmail.com
Sat May 24 14:48:21 EDT 2014

Check out FreeIPA, it can do centralized key management for Linux/Unix. Supported versión comes with any Red Hat Enterprise Linus subscription. 

Sent from my Verizon Wireless 4G LTE smartphone

<div>-------- Original message --------</div><div>From: Brian Miller <bnmille at gmail.com> </div><div>Date:05/24/2014  12:19 PM  (GMT-05:00) </div><div>To: colug-432 at colug.net </div><div>Subject: Re: [colug-432] password survey </div><div>
</div>On 05/22/2014 06:52 PM, Scott McCarty wrote:
> For keys there are definitely guidelines. Here is an old article I wrote, but still very important data:
> http://crunchtools.com/ssh-keychain/
> See sections: Key Length & RSA vs. DSA
> Best Regards
> Scott M

So, my original post wasn't asking for policy guidance.  I was looking 
for examples of what people actually do.  As part of a consolidation 
effort, we are likely to have over 1000 UNIX/Linux servers under a 
single management group.  The proposed security standard wants us to 
have 8+ characters, and to change them every 90 days.  My initial 
thought was that if I'm on the management team, they had better give me 
at least one day every 3 months just to manage MY passwords, since there 
is no initial plan to have centralized authentication with LDAP.  And 
have they planned enough manpower to handle user password change/reset 
requests (estimating an average of 6 non-admin user accounts per 
server)?   I'm trying to argue that if we combine SSHD with tcpwrappers 
(we are looking at a total of maybe 12 Class-C/B subnets from which 
users would need to connect, and most servers would only need 3 or 4 of 
them) that would effectively give us 2 factor authentication, so we 
shouldn't have a need to change passwords at all.

But thanks for the links.

colug-432 mailing list
colug-432 at colug.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20140524/f3acb7ff/attachment-0001.html 

More information about the colug-432 mailing list