nanog mailing list archives
Re: Password repository
From: Bret Clark <bclark () spectraaccess com>
Date: Thu, 19 Nov 2009 09:25:41 -0500
Don't recall if it was mentioned, but we use a nice little app called MyPMS http://lvoware.com/. Put it on an internal system and then people have to access via a VPN connection to browse into it. That way if a person is no longer with the company, then their VPN has been turned off and they don't have access to it anymore. The reason I like the app is it's OS agnostic for the end user and keeps the data in an SQL DB.

On Thu, 2009-11-19 at 14:07 +0000, gordon b slater wrote:
On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:

Pwman...which has the HUGE advantage of being CLI (so useable over SSH sessions from network devices) and has tagging for searching large databases of passes. pwman3 is current version. For most OSs.

I've even used it looped through a multitude of nested VTY+SSH+screen sessions - one of which was a Dropbear sshd and client on a 20$ plastic CPE - to save my sorry *ss

For GUIs:-
Keepassx for most OSs, and Keepass2.x on MS Windows
Password Gorilla is a nice one for end-users, most OSs

Bruce's Passwordsafe format is a somewhat de-facto standard for import/export. Keepass can do a lot of conversion for you.

Some shops use rsync to distribute the masters and set them read-only at filesystem-level, though this tends to preclude regular rotation and updating.

Beware that some of the commercial offerings are trivially broken or otherwise borked for "work" use. ymmv

Whatever you use, dump the file to a flat file (crypted of course) and save a statically linked version of the app for those "wow - what password app did we use way back in 2001?" moments. Print a copy every month or so and store securely offsite too - all the usual caveats apply.

Once you have a super-duper app for them you tend to crank the pw complexity up to a level where no-one can remember anything nor even recognise regular ones; it's mainly cut and paste, especially if you use X.

Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc ?

Gord
--
rommon 3 > You have reached the gateway of last resort. Abandon hope all ye who press enter here