03-09-2009
Password Automation pros/cons
folks,
I have a security related question, to all you. Please share your comments with me.
I have a situation where i was asked to automate the password in my application, which expires every 6 months. In this case i need to generate a random password and set the password on some database/system (encrypted) and use this password in my application. In doing so the owner of the account will not be knowing the password as well.
My argument is that at first place, we should not automate the password to change automatically upon expiary. Secondly, changing the password automatically, the password change is not accountable and at later stages we would not know who changed the password last time. When i think of the password change I strongly belive that the account owner should be responsiable for keeping the passwords in a secret/encrypted form.
Please kindly share your thoughts if you had encountered such a situation beofre and what is best way to deal with this situation.
Hope to here from your expertese.
Cheers
Sudharma.
10 More Discussions You Might Find Interesting
1. AIX
Can anyone provide the pros and cons of having an NFS mount on an AIX server. Or direct me to documentation that provides this information. Thanks... (1 Reply)
Discussion started by: mcateriny
1 Replies
2. UNIX for Advanced & Expert Users
Hi,
Is there any way to automate the reset of passwords.I mean can we write some scripts and do it. Would be great if anybody can help in this regards. (9 Replies)
Discussion started by: yakyaj
9 Replies
3. AIX
We are considering a DR strategy of booting AIX 5.3 and 5.3 logical partitions from EMC Symmetrix SAN disks, so that we can replicate via SRDF to a recovery site. Has anyone tried configuring AIX 5.x systems to boot from SAN disk? If so, can you provide any information on the pros and cons of... (6 Replies)
Discussion started by: jjgarrot
6 Replies
4. Shell Programming and Scripting
I am working on a script to automate and SFTP that I am currently doing to a company that does not allow for a .ssh profile to be created.
I have search and read about the -b option and am wondering if i can get some more information about it.
I tried to right a file containing the password... (3 Replies)
Discussion started by: jaycheetwood
3 Replies
5. Shell Programming and Scripting
Hello,
I need some assistance in trying to figure out the best way to automate user account password resets.
The environment is a mix of 2000 HP-ux, aix, linux, and sunos boxes.
The security specs are to reset pw's every 90 days.
Most boxes are only accessible from within a current ssh... (2 Replies)
Discussion started by: deviousdoses
2 Replies
6. UNIX for Advanced & Expert Users
Hi All,
We have a special requirement from our client, we need to automate one of the sftp job with password authentication. I know sftp can be automated with Key authentication, but this is not what I am looking for.
Can some body help me, a method like .netrc in FTP automation or like sftp... (6 Replies)
Discussion started by: shihabvk
6 Replies
7. Infrastructure Monitoring
I have some questions regarding ping
a. im planning to add all my servers to nagios for monitoring purposes. since nagios will do "PING" on the IP address (to check if UP or down), will there be affect on all my servers? say resource utilization, memory, etc? Will it add up or slow down the... (3 Replies)
Discussion started by: lhareigh890
3 Replies
8. UNIX for Dummies Questions & Answers
i am doing automation of report in unix. i am copying files from different server using scp command.. if i use scp its asking for password for copying files..is there any way to automate this password issue..
can anyone help me out???
tahnks in advance,
Arun Manas (4 Replies)
Discussion started by: arunmanas
4 Replies
9. Shell Programming and Scripting
Anyone has experience or study with Text User Interface and Curses::UI using Perl?
- What is the criteria to decide which method is better for a console based UI?
- Which DTL (dialog tag language) is supported by these?
The background is that I want to write a wrapper over some UNIX tools... (0 Replies)
Discussion started by: vikrantl
0 Replies
10. UNIX for Advanced & Expert Users
Hello,
Could anyone please enumerate some of the pros and cons to using a Journaled FileSystem?
---------- Post updated at 02:46 PM ---------- Previous update was at 02:45 PM ----------
I know clearly not losing data during a failed move or copy is a big pro, correct? Let's build off of... (8 Replies)
Discussion started by: glev2005
8 Replies
LEARN ABOUT HPUX
pam_user.conf
pam_user.conf(4) Kernel Interfaces Manual pam_user.conf(4)
NAME
pam_user.conf - user configuration file for pluggable authentication modules
SYNOPSIS
DESCRIPTION
is the user configuration file for the Pluggable Authentication Module architecture, or PAM. It is not designed to replace the PAM system
configuration file, For PAM to work properly, is mandatory (see pam.conf(4)). is optional. It is used only when a user basis configura-
tion is needed. It mainly specifies options to be used by service modules on a user basis.
The options defined in indicate the default for users who are not configured in or if the module type is not configured for some users.
For the configuration in to take effect, needs to configure service module (see pam.conf(4)).
Simplified pam_user.conf Configuration File
The file contains a listing of login names. Each login name is paired with a corresponding service module with or without options speci-
fied. Each entry has the following format:
login_name module_type module_path options
Below is an example of the configuration file.
tom auth /usr/lib/security/$ISA/libpam_unix.so.1 debug use_psd
tom auth /usr/lib/security/$ISA/libpam_dce.so.1 use_first_pass
tom account /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
tom account /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass
susan auth /usr/lib/security/$ISA/libpam_unix.so.1
susan auth /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass
The login_name denotes the login name of a user (for example, For detailed information on module_type, module_path, and options, see
pam.conf(4).
The first entry indicates that when the UNIX authentication is invoked for the options and will be used. The second entry indicates that
when the DCE authentication is invoked for the option will be used. The module type is not configured for therefore, the options will take
effect. For those users who are not configured, the options apply.
Notes
If an error is found in an entry due to invalid login_name or module_type, then the entry is ignored. If there are no valid entries for
the given module_type, the PAM framework ignores and reads the configuration in
EXAMPLES
The following is a sample configuration file. Lines that begin with the symbol are treated as comments, and therefore ignored.
#
# PAM user configuration
#
# Authentication management
john auth /usr/lib/security/$ISA/libpam_unix.so.1
john auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
david auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
david auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
susan auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
susan auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
# Password management
john password /usr/lib/security/$ISA/libpam_unix.so.1
david password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
susan password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
SEE ALSO
pam(3), pam.conf(4).
pam_user.conf(4)