Educause Security Discussion mailing list archives

Re: Password keepers (was Re: Password policy)


From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Thu, 2 Nov 2006 08:49:20 -0500

All-

If you are looking for something cross-platform, I highly recommend
PasswordManager. It's written in Java and runs on just about anything
with a reasonably current JVM (Windows, Linux, MacOS X, Solaris, etc.).
And it's free (as in beer - not open source).

  http://www.geocities.com/ramix_info/passwordmanager.html

It has a decent interface and all passwords are stored internally using
BlowfishJ encryption.  We find it particularly useful since our sys
admins use a variety of platforms and they can run the tool from a USB
thumb drive on any machine with a decent JVM.

Of course, the one big drawback to this or any other standalone password
keeper is that all members of the sys admin team need to be sure they
manually "sync up" to the latest passwords whenever a new machine is
added or a password is changed.  Having a central, secure repository for
such passwords that the client app would automatically sync with would
be ideal.

We have a homegrown PHP based web app that stores many of our passwords
centrally with encrypted LDAP login to view the passwords, but at this
point it doesn't provide auto-sync with any standalone password
management tool.

--
Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University


Russell Fulton wrote:
John Ladwig wrote:
All our administrative accounts for servers and infrastructure are
managed using PasswordSafe.

And I encourage people to use it for any other needs they might have,
but we don't insist on wide use, at this time.

passwordsafe is brilliant but I'm still looking for something for use on
Mac and Linux environments.  I've tried Password Gorilla but having to
install all the TK/TCL stuff is a pain and, at least on the Mac I've not
managed to get it to work well enough to use.   Several colleagues use
it on Linux where the tcl/tk stuff is there by default.

I'm tempted to do something myself using fx-ruby which would tie into a
network based enterprise password repository but that will probably have
to wait until I have time, i.e. when I retire!

Russell
