System to manage passwords of local accounts on offline VMs

Disclosure Number: IPCOM000191676D
Original Publication Date: 2010-Jan-11
Included in the Prior Art Database: 2010-Jan-11
Document File: 2 page(s) / 38K


Many development groups at IBM manage a large number of virtual machines (VMs). A common management issue is maintaining passwords for administrative accounts on the VMs. Although directory services can be used to manage passwords for users accessing the machines, they do not cover accounts created on the actual machine, such as the administrator account. In addition, it is very common for VMs not to use directory services and to maintain only local accounts for machine access and authentication. A significant problem with local accounts is managing these accounts and their passwords on offline VM images. It is very costly and time-consuming to start up offline images in order to perform account administration. Backed-up or archived VM images are often neglected for account administration because it is too troublesome to bring up the images for frequent account administrative tasks. When these VM images are later brought online, old accounts that are still accessible expose security risks. Utilities exist for managing local accounts on online VMs, such as scripts described here: However, these types of utilities do not assist in managing offline accounts.

This is the abbreviated version, containing approximately 54% of the total text.

The system proposed in this publication would manage passwords of administrative accounts on the actual VM disk images. The aspect of this invention that makes it most novel, however, is that it will manage accounts on offline VM images. The solution addresses three problems.

1) This solution will make it easier to maintain passwords when an organization's security policy prescribes that passwords be changed on a regular basis. In typical development environments, significant costs are incurred in maintaining the passwords and keeping a group of developers updated on the access credentials.

2) This solution will simplify adding and removing accounts on multiple machines. For example, if a person moves jobs, that person's access might need to be removed from multiple machines. The proposed solution would automate the update instead of leaving ineligible individuals with access to machines.

3) This solution maintains the passwords by manipulating the disk image of the VM and therefore does not require that the image be started to perform account administration on it. This approach eliminates the costly process of booting each image to apply the account/password change. This also helps maintain VMs that are not frequently used. For example, a VM might be created for backup purposes. It might be months before it is referenced again. The proposed system wo...
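
The image-level account administration described in items 1 to 3, sketched as an added example that is not part of the original disclosure. It assumes a Linux guest whose root filesystem has already been mounted from the offline disk image and works on the text of that image's `/etc/shadow`; the function name, the 90-day policy and the sample entries are hypothetical.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed sample /etc/shadow content; the hash strings are placeholders.
SAMPLE_SHADOW = (
    "root:$6$SALT$PLACEHOLDERHASH1:14200:0:99999:7:::\n"
    "alice:$6$SALT$PLACEHOLDERHASH2:14600:0:99999:7:::\n"
    "bob:$6$SALT$PLACEHOLDERHASH3:14610:0:99999:7:::\n"
    "daemon:*:14000:0:99999:7:::\n"
)

def administer_shadow(text, today, max_age_days, removed_users):
    """Apply account policy to one image's shadow text; return (text, report)."""
    today_days = (today - EPOCH).days
    out = []
    report = {"locked": [], "expired": [], "unchanged": []}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 9:          # not a valid shadow entry: keep verbatim
            out.append(line)
            continue
        user, pw_hash, last_change = fields[0], fields[1], fields[2]
        usable = pw_hash not in ("", "*") and not pw_hash.startswith("!")
        # Field 3 is the last change in days since 1970-01-01; empty disables aging.
        age = today_days - int(last_change) if last_change.isdigit() else None
        if user in removed_users:
            if not pw_hash.startswith("!"):
                fields[1] = "!" + pw_hash   # lock, keeping the hash for audit
            report["locked"].append(user)
        elif usable and age is not None and int(last_change) > 0 and age > max_age_days:
            fields[2] = "0"                 # 0 = must change password at next login
            report["expired"].append(user)
        else:
            report["unchanged"].append(user)
        out.append(":".join(fields))
    return "\n".join(out) + "\n", report

if __name__ == "__main__":
    new_text, report = administer_shadow(
        SAMPLE_SHADOW, date(2010, 1, 11), max_age_days=90, removed_users={"bob"})
    print(report)
    print(new_text, end="")
```

Running the function a second time on its own output changes nothing, so the same policy can be reapplied to an archived image on every sweep.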