Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Passwords - in a Disaster Recovery Doc/Book

From: brian hiles <bsh_at_rainey.blueneptune.com>
Date: 2000/03/13
Message-ID: <scque4tra5n106@corp.supernews.com>#1/1

In comp.unix.shell Mike O <ora7dba_at_yahoo.com> wrote:
> I am working on a Disaster Recovery Document for PASSWORDS (Unix, Oracle, NT
> servers, etc). Has anyone tackled this process and have recommendations?
> While working with another company, we had all passwords in sealed rip-proof
> envelopes in the HelpDesk area of the company (staffed 7x24). If someone
> had to gain access to the passwords they were to report this fact and new
> passwords were issued shortly thereafter.
> It was rare that someone needed to gain access to Oracle passwords, for
> example, but with a small staff and critical business needs needing to be
> met.. it was important to have this information available. Yes, a pain to
> change passwords but it didn't happen often.
> So, if you have something else in place I would like to hear examples or if
> you send a procedure that you use or document I would appreciate the input.
> Thanks! -Mike

I find that password administration falls into one or both of two categories: security and convenience. As long as root does not forget his password, there is of course always the alternative of allowing him to reinstate another password for the errant (l)user.

I have two URLs for documents concerning password recovery; I don't know how pertinent they are, but you can be assured that password recovery, security, and management is a thriving subset of system administration.

http://www.nucleus.com/~anwar/NT.html
http://www.ryanspc.com/password.html

I find, however, the best solution -- in the criterion of convenience to the sysadm without compromising security to any _great_ extent -- is to substitute /bin/passwd with a shell script that asks, in addition to the password, for a question that the user formulates and that, when asked, will attempt to "jog" the user's memory: for instance, "what is my birthday, and what is my dog's name?" Disallow embedding the password itself in the query string, and be forewarned that passwords that _can_ be remembered with this technique are all too often nominal.

Of course the best solution is for the user to not forget his/her password in the first case, for which I can suggest that the best solution is an electronic "dongle" which generates a "random" password depending on the time of day, etc, that the user is expected to input at login. Nothing to remember, and the password changes from minute to minute.

An additional bit of useful information is to assign "pronounceable" passwords:

http://www.best.com/~thvv/gpw.html

Hope this helps....

-Brian

Received on Mon Mar 13 2000 - 00:00:00 CST
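
The time-based "dongle" password mentioned in the reply above, sketched as an added example that is not part of the original post. It assumes the open TOTP algorithm (RFC 6238, built on RFC 4226 HOTP), since the post does not say which algorithm a given token uses; the 60-second step mirrors "changes from minute to minute", and the secret, drift window and `last_used` replay guard are illustrative choices.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 60, digits: int = 6) -> str:
    """Code shown by the token for the time window containing `now`."""
    return hotp(secret, int(now) // step, digits)


def verify(secret: bytes, code: str, now: float, step: int = 60,
           digits: int = 6, drift: int = 1, last_used: int = -1):
    """Server-side check. Returns the matched window counter, or None.

    Accepts +/- `drift` windows to tolerate clock skew between token and
    server, and skips any window at or before `last_used` so that an
    observed code cannot be replayed. Store the returned counter as the
    account's new `last_used` after a successful login.
    """
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        if counter <= last_used:
            continue
        expected = hotp(secret, counter, digits)
        # Constant-time comparison; encode so any input string is accepted.
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed sample value
    t = 953_000_000                            # constructed Unix time
    code = totp(demo_secret, t)
    window = verify(demo_secret, code, t + 45)  # token clock slightly behind
    print(code, window)
    print(verify(demo_secret, code, t + 45, last_used=window))  # replay
```

The shared secret is the only thing protecting the scheme, so it needs the same protection on the server as a password hash database.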
