Password repository

gordon b slater gordslater at ieee.org
Thu Nov 19 14:07:13 UTC 2009


On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:
> Pwman

...which has the HUGE advantage of being CLI (so usable over SSH
sessions from network devices) and has tagging for searching large
databases of passes. pwman3 is the current version. For most OSs.
I've even used it looped through a multitude of nested VTY+SSH+screen
sessions - one of which was a Dropbear sshd and client on a $20 plastic
CPE - to save my sorry *ss

For GUIs:-
Keepassx for most OSs, and Keepass2.x on MS Windows
Password Gorilla is a nice one for end-users, most OSs

Bruce's Passwordsafe format is a somewhat de-facto standard for
import/export. Keepass can do a lot of conversion for you. 
Some shops use rsync to distribute the masters and set them readonly at
filesystem level, though this tends to preclude regular rotation and
updating.

Beware that some of the commercial offerings are trivially broken or
otherwise borked for "work" use. ymmv

Whatever you use, dump the file to a flat file (crypted of course) and
save a statically linked version of the app for those "wow - what
password app did we use way back in 2001?" moments.

Print a copy every month or so and store securely offsite too - all the
usual caveats apply. Once you have a super-duper app for them you tend
to crank the pw complexity up to a level where no-one can remember
anything nor even recognise regular ones; it's mainly cut and paste,
especially if you use X.


Unless, of course, the OP meant RADIUS pulling on LDAP, PAM, etc.?

Gord

--
rommon 3 > You have reached the gateway of last resort. Abandon hope all
ye who press enter here




More information about the NANOG mailing list