Re: Managing Passwords (OT)

It's not clear to me what kind of question you are actually asking. Are you suggesting that you want to make a website that gives people access to all their passwords? Why? If you can live with the fact you just need one password to access all your accounts (assuming that webpage needs a password), why not make all the passwords of a person the same to start with?

Abigail

Comment on Re: Managing Passwords (OT)

Replies are listed 'Best First'.
Re: Re: Managing Passwords (OT) by Anonymous Monk on Feb 19, 2003 at 01:20 UTC
Sorry if I did not state the problem clearer. There are two requirements: 1) Create a place for IT to store all of the passwords issued, and determine which users have access 2) Find a way to distribute passwords to users and make them available when they forget them These passwords are not for internal NT accounts, but for the administration of the servers and services for our web-hosted application. The biggest problem is that most of these logins are shared among different sets of users. There are admin logins for services like JRun, Weblogic, databases, our integration engine, etc. There are logins to third-party web-based tools for monitoring and such. Also logins for remote share access, VNC, Timbuktu, etc. The web page I plan to build would be hosted on the company intranet, using SSL with Apache. Access to the intranet is password protected per user. My main concern with this are users that leave their machines unlocked while unattended. I have a way to minimize the risk of shoulder surfing. I'm relatively new to the IT side of things (coming from the web side), so I figured I had better post here and see if anyone can point out any gotchas I need to look out for. Or if someone has a better solution to the same problem. Or flat out say my idea sucks. :) I hope that's a bit clearer. Thanks for your help, A Monk	[reply]

Replies are listed 'Best First'.

Re: Re: Managing Passwords (OT)
by Anonymous Monk on Feb 19, 2003 at 01:20 UTC

There are two requirements:

1) Create a place for IT to store all of the passwords issued, and determine which users have access
2) Find a way to distribute passwords to users and make them available when they forget them

These passwords are not for internal NT accounts, but for the administration of the servers and services for our web-hosted application.

The biggest problem is that most of these logins are shared among different sets of users. There are admin logins for services like JRun, Weblogic, databases, our integration engine, etc. There are logins to third-party web-based tools for monitoring and such. Also logins for remote share access, VNC, Timbuktu, etc.

The web page I plan to build would be hosted on the company intranet, using SSL with Apache. Access to the intranet is password protected per user. My main concern with this are users that leave their machines unlocked while unattended. I have a way to minimize the risk of shoulder surfing.

I'm relatively new to the IT side of things (coming from the web side), so I figured I had better post here and see if anyone can point out any gotchas I need to look out for. Or if someone has a better solution to the same problem. Or flat out say my idea sucks. :)

I hope that's a bit clearer. Thanks for your help,
A Monk

[reply]