From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of synja (at) synfulvisions (dot) com [email concealed]
Sent: Wednesday, December 07, 2011 10:07 AM
To: G V; listbounce (at) securityfocus (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: distributing passwords to users
Standard procedure in most instances is to generate a random password, email it to the user, and force the user to change the password upon login.
Is there a reason you aren't doing this?
Rob
Sent on the Sprint(r) Now Network from my BlackBerry(r)
-----Original Message-----
From: G V <gvasiliu (at) gmail (dot) com [email concealed]>
Sender: listbounce (at) securityfocus (dot) com [email concealed]
Date: Mon, 5 Dec 2011 22:30:24
To: <security-basics (at) securityfocus (dot) com [email concealed]>
Subject: distributing passwords to users
Hi,
From your experience, what's the best secure and easy way to update a password list and distribute it to 1000 or so unix users? The users would have different privilege levels and different access on network.
Throwing ideas, I can think of: pgp (difficult to maintain a separate file for each user), web app (would need to be sucured over ssl, possible password protected), usb disks (difficult to manage changes).
Anyone using an enterprise level app (commercial or not) to "share"
passwords to users, manage changes and so on? Any other ideas I can use?
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
The e-mail and attachments are confidential and intended only for selected recipients. If you have received it in error, you may not in any way disclose or rely on the contents. You may not keep, copy or distribute the e-mail. Should you receive it, immediately notify the sender of the error and delete the e-mail.Also note that this form of communication is not secure, it can be intercepted, and may not necessarily be free of errors and viruses in spite of reasonable efforts to secure this medium.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of synja (at) synfulvisions (dot) com [email concealed]
Sent: Wednesday, December 07, 2011 10:07 AM
To: G V; listbounce (at) securityfocus (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: distributing passwords to users
Standard procedure in most instances is to generate a random password, email it to the user, and force the user to change the password upon login.
Is there a reason you aren't doing this?
Rob
Sent on the Sprint(r) Now Network from my BlackBerry(r)
-----Original Message-----
From: G V <gvasiliu (at) gmail (dot) com [email concealed]>
Sender: listbounce (at) securityfocus (dot) com [email concealed]
Date: Mon, 5 Dec 2011 22:30:24
To: <security-basics (at) securityfocus (dot) com [email concealed]>
Subject: distributing passwords to users
Hi,
From your experience, what's the best secure and easy way to update a password list and distribute it to 1000 or so unix users? The users would have different privilege levels and different access on network.
Throwing ideas, I can think of: pgp (difficult to maintain a separate file for each user), web app (would need to be sucured over ssl, possible password protected), usb disks (difficult to manage changes).
Anyone using an enterprise level app (commercial or not) to "share"
passwords to users, manage changes and so on? Any other ideas I can use?
Thank you,
George Vasiliu
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
**********************************************************************
The e-mail and attachments are confidential and intended only for selected recipients. If you have received it in error, you may not in any way disclose or rely on the contents. You may not keep, copy or distribute the e-mail. Should you receive it, immediately notify the sender of the error and delete the e-mail.Also note that this form of communication is not secure, it can be intercepted, and may not necessarily be free of errors and viruses in spite of reasonable efforts to secure this medium.
**********************************************************************
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]