[H-GEN] passwords

Mark Suter suter at zwitterion.humbug.org.au
Mon Jul 24 07:06:32 EDT 2000


Daniel,

>    how to manage the RSA keys?
> 	   Give each tech their own key and copy all tech's keys to all servers
> 	   Give each tech a copy of a single key & copy that key to all servers
> 
>    each option has its pros and cons =(
>    I'm leaning towards a single key as it is easier to manage.  If someone
>    leaves all we have to do is create a new key and update every server, which
>    could be scripted to some extent.  Also if we suspect that someone has 
>    obtained a copy of the key and the passphrase we can push out a new key
>    to all servers.
> 
>    any thoughts?

I recommend that each administrator has their own key and is
responsible for it - a given login should only be possible
from one person, not many.  Also, a shared key means that the
key needs to be copied to or used from multiple hosts, thus
increasing the chances that it may be compromised.

As Queensland President of the System Administrators Guild of
Australia, I recommend that they all join SAGE-AU.

    http://www.sage-au.org.au/member.html

Yours sincerely,

-- Mark John Suter  | I know that you  believe  you understand
suter at humbug.org.au | what you think I said, but I am not sure
GPG key id F2FEBB36 | you realise that what you  heard  is not
Ph: +61 4 1126 2316 | what I meant.                  anonymous
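
An added example, not part of the original message: with one key per administrator, every authorized_keys line can be traced to a single person and one person's access can be removed without reissuing anyone else's key. The roster, the admin names and the key blobs below are constructed placeholders, not real keys.

```python
import base64
import hashlib

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blob(line):
    """Base64 key blob of an authorized_keys line (options may precede
    the key type), or None for blank and comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            return fields[i + 1]
    return None

def audit(authorized_keys, roster):
    """Group key lines by owning admin; keys nobody owns go under None."""
    owners = {fingerprint(key_blob(pub)): who for who, pub in roster.items()}
    report = {}
    for line in authorized_keys.splitlines():
        blob = key_blob(line)
        if blob is not None:
            report.setdefault(owners.get(fingerprint(blob)), []).append(line)
    return report

def revoke(authorized_keys, roster, admin):
    """Drop only the departing admin's key; every other line is kept."""
    gone = fingerprint(key_blob(roster[admin]))
    kept = [line for line in authorized_keys.splitlines()
            if key_blob(line) is None or fingerprint(key_blob(line)) != gone]
    return "\n".join(kept) + "\n"

def constructed_key(name):
    """Constructed placeholder entry; the blob is not a real RSA key."""
    blob = base64.b64encode(b"constructed:" + name.encode()).decode()
    return f"ssh-rsa {blob} {name}"

ROSTER = {name: constructed_key(name) for name in ("alice", "bob", "carol")}
SAMPLE = "\n".join([
    "# constructed authorized_keys file for one server account",
    ROSTER["alice"],
    'from="192.0.2.10",no-pty ' + ROSTER["bob"],
    constructed_key("unknown@laptop"),
]) + "\n"

if __name__ == "__main__":
    print(list(audit(SAMPLE, ROSTER)), revoke(SAMPLE, ROSTER, "bob"), sep="\n", end="")
```

Matching is done on the key fingerprint rather than the comment field, since the comment is free text that anyone editing the file can change.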