Password management

There are several forms of software used to help users or organizations better manage passwords:

Privileged password management

Privileged password management is a type of password management used to secure the passwords for login IDs that have elevated security privileges. This is most often done by periodically changing every such password to a new, random value. Since users and automated software processes need these passwords to function, privileged password management systems must also store these passwords and provide various mechanisms to disclose these passwords in a secure and appropriate manner. Privileged password management is related to privileged identity management.

Examples of privileged passwords

There are three main types of privileged passwords. They are used to authenticate:

Local administrator accounts

On Unix and Linux systems, the root user is a privileged login account. On Windows, the equivalent is Administrator. On SQL databases, the equivalent is sa. In general, most operating systems, databases, applications and network devices include an administrative login, used to install software, configure the system, manage users, apply patches, etc. On some systems, different privileged functions are assigned to different users, which means that there are more privileged login accounts, but each of them is less powerful.

Service accounts

On the Windows operating system, service programs execute in the context of either system (very privileged but has no password) or of a user account. When services run as a non-system user, the service control manager must provide a login ID and password to run the service program so service accounts have passwords. On Unix and Linux systems, init and inetd can launch service programs as non-privileged users without knowing their passwords so services do not normally have passwords.

Connections by one application to another

Often, one application needs to be able to connect to another, to access a service. A common example of this pattern is when a web application must log into a database to retrieve some information. These inter-application connections normally require a login ID and password and this password.

Securing privileged passwords

A privileged password management system secures privileged passwords by:

Required infrastructure

A privileged password management system requires extensive infrastructure:

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.