Multi-User Corporate Password Management

By mephitic ·
I'm curious if anyone can recommend some insight on how some of the large corporations handle their password management. Currently we're storing administrative passwords for servers, network switches, routers, devices, etc in an Excel sheet, within a secured folder on the network so members of the department can access them as needed.

We'd like to have a little more control over these passwords and possibly even be able to track to accesses them. We had thought of something that may have the ability to do tier structures. Jr admins having access to some passwords, admins having access to additional passwords, etc ...

Has anyone had experience with any password management software, can offer a solution to the problem they've already worked through, etc... Any input would be helpful.

Thank you!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

tier structure...

by ---TK--- In reply to Multi-User Corporate Pass ...

seems to be the best... only give people what they need to do their job, don't give them the keys to the city!

Example: I work in a huge infrastructure, 5 domains and 16 subdomains. I have full domain administration rights (Active Directory/local admin), but I don't have any of the network devices passwords.

We don't use password software, the manager of the departments are responsible for giving out/ protecting the passwords. And we (the team) are held liable for the passwds that we know. So if it gets out, everyone in the department is audited and the passwd is changed (someone looses their job).

added: I also don't have root access passwords for the Unix infrastructure(ldap), NAS/SAN devices, ESX hosts, linux complex computing cluster, ect.... you get the point? And none of those groups have the NT passwords (or permissions).

The users and groups is handled by AD for the NT side and LDAP for the UNIX side... hopfuly this helps out a little.

Collapse -


by pnoykalbo In reply to Multi-User Corporate Pass ...

We centralized everything to LDAP. Other applications, network authentications -SAMBA, IMAP authentications, AS400 authentications, everything authenticates through our multiple LDAP servers using a balancer. I also heard that AD is also another way to centralized user passwords.

Related Discussions

Related Forums