[UPHPU] Passwords

Lonnie Olson lists at kittypee.com
Mon Mar 17 13:59:10 MDT 2008


Sean wrote:
> Hi All,
> 
>    I'm needing to set some passwords for a couple dozen servers and a 
> whole bunch of clients (1000+). And I was wondering what the best way to 
> go about it is. How do you guys/gals go about creating passwords for 
> servers, do you use the same for each service, like do you use the same 
> password for MySQL as you do for the machine? Do you just come up with 
> the passwords? Or do you use a password generator?

I generally use a different password for each service.  This can 
mitigate some damage in case of compromise.  Also it allows me to give 
the MySQL root password to web devs without giving them the machine root.

For infrequently used passwords I use a password generator (APG, 
http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html).
For more frequently used passwords I make one up.

Also, for many servers or devices I centralize authentication whenever 
possible, e.g. RADIUS for devices like switches, routers, firewalls.  I 
have plans to implement either LDAP or Kerberos for general server 
authentication.

--lonnie
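
The reply above recommends a different, generated password for each service. The following is an added example, not part of the original post and not APG itself: it uses Python's `secrets` module as a stand-in generator and assigns every (host, service) pair its own password. The host names, service names and symbol set are constructed placeholders.

```python
import secrets
import string

# Character classes each password must draw from at least once.
# The symbol set is an assumption; adjust it to what each service accepts.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#%+-=?@_")
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password from the OS CSPRNG covering every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # Rejection sampling keeps the choice uniform over all valid passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def assign_passwords(hosts, services, length=20):
    """Map every (host, service) pair to its own password, never reused."""
    assigned = {}
    used = set()
    for host in hosts:
        for service in services:
            password = generate_password(length)
            while password in used:  # collision is very unlikely, but checked
                password = generate_password(length)
            used.add(password)
            assigned[(host, service)] = password
    return assigned


if __name__ == "__main__":
    # Constructed inventory; the host and service names are placeholders.
    hosts = ["web01.example.com", "db01.example.com"]
    services = ["machine-root", "mysql-root"]
    for (host, service), password in assign_passwords(hosts, services).items():
        print(f"{host}\t{service}\t{password}")
```

Because the MySQL root and machine root entries for a host never share a value, one can be handed out without exposing the other.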

