| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Oct 13 04:39:14 2005 From: capegeo at opengroup.org (George Capehart) Subject: password vaults- David Royer wrote: > Sorry for the very noob question, but I'm having very hard times finding > such products. > I have the pleasure and the incredible chance to support generic (shared > admin) passwords. I'm looking for a commercial product to manage the > distribution and protection of these passwords. Must be RSA compatible and > Active Directory (LDAP, to retrieve info and allow access). Also must be > able to support web (https) for users to log in and get the passwords they > are allowed to see. > Best regards! OK. In spite of the fact that this has got to be a troll, I'll bite . . . Run from that as fast and as far as you can. Under /*any*/ circumstance, shared passwords are a major no-no. You're setting yourself up for misery . . . And allowing users "to log in and get the passwords they are allowed to see"? Think about that for a while and see if you can identify some potential risks there . . . /g
Powered by blists - more mailing lists