Password repository

Bret Clark bclark at spectraaccess.com
Thu Nov 19 08:25:41 CST 2009


Don't recall if it was mentioned, but we use a nice little app called MyPMS
http://lvoware.com/. Put it on an internal system and then people have
to access via a VPN connection to browse into it. That way if a person
is no longer with the company, then their VPN has been turned off and
they don't have access to it anymore.  The reason I like the app is it's
OS agnostic for the end user and keeps the data in an SQL DB. 

On Thu, 2009-11-19 at 14:07 +0000, gordon b slater wrote:

> On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:
> > Pwman
> 
> ...which has the HUGE advantage of being CLI (so useable over SSH
> sessions from network devices) and has tagging for searching large
> databases of passes.  pwman3 is current version. For most OSs. 
> I've even used it looped through a multitude of nested VTY+SSH+screen
> sessions -  one of which was a Dropbear sshd and client on a 20$ plastic
> CPE - to save my sorry *ss    
> 
> For GUIs:-
> Keepassx for most OSs, and Keepass2.x on MS Windows
> Password Gorilla is a nice one for end-users, most OSs
> 
> Bruce's Passwordsafe format is a somewhat de-facto standard for
> import/export. Keepass can do a lot of conversion for you. 
> Some shops use rsync to distribute the masters and set them readonly at
> filesystem level, though this tends to preclude regular rotation and
> updating.
> 
> Beware that some of the commercial offerings are trivially broken or
> otherwise borked for "work" use. ymmv
> 
> Whatever you use dump the file to a flat file (crypted of course) and
> save a statically linked version of the app for those "wow - what
> password app did we use way back in 2001?" moments.
> 
> Print a copy every month or so and store securely offsite too - all the
> usual caveats apply. Once you have a super-duper app for them you tend
> to crank the pw complexity up to a level where no-one can remember
> anything nor even recognise regular ones; it's mainly cut and paste,
> especially if you use X.
> 
> 
> Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc ? 
> 
> Gord
> 
> --
> rommon 3 > You have reached the gateway of last resort. Abandon hope all
> ye who press enter here
> 
> 
> 



More information about the NANOG mailing list