On Fri, Sep 4, 2015 at 04:51:33PM -0400, Stephen Frost wrote:
> > Coming in late, but can you explain how multiple passwords allow for
> > easier automated credential rotation? If you have five applications
> > with stored passwords, I imagine you can't change them all at once, so
> > with multiples you could change it on one, then go to the others and
> > change it there, and finally, remove the old password. Is that the
> > process? I am not realizing that without multiple plasswords, this is a
> > hard problem.
>
> That's exactly the process if multiple passwords can be used. If
> there's only one account and one password supported then you have to
> change all the systems all at once and that certainly can be a hard
> problem.
>
> One way to deal with this is to have a bunch of different accounts, but
> that's certainly not simple either and can get quite painful.
OK, for me, if we can explain the benefit for users, it seems worth
doing just to allow that.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ Everyone has their own god. +