[ale] How do you store your passwords?

James P. Kinney III jkinney at localnetsolutions.com
Sat Nov 10 09:36:43 EST 2007


I haven't seen one in existence (doesn't mean it's not available) but a
system that would store passwords and deliver them inline (i.e. input
them at the prompt without the admin user ever seeing or knowing the
password) would be quite useful.

So instead of a direct ssh or su session, there is a wrapper that
prompts for the admin user's password (for sudo) that then decrypts the
appropriate machine password and performs the login, then returns the
console back to the admin. Maybe something that gives back sudosh for audit
purposes.

On Sat, 2007-11-10 at 09:13 -0500, Jerry Yu wrote:
> So far this is talking about keeping for personal use.  What about for
> group sharing? Are there any free/oss/commercial tools that have the
> following features?   GnuPG or PGP carries many of these features. Is
> there a good wrapper of GnuPG for this?
>      1. confidentiality: encryption (AES, 3DES, blowfish, crypt, etc.)
>      2. authentication: individual access key to basically the same file
>      3. authorization: grant/revoke access w/o touching the secret
>         file(s)
>      4. audit: audit trail of r/w or r/o access
>      5. audit: version control
>      6. availability: ease of publishing or distribution
>      7. availability: DR (what if individual key/token gets lost & what
>         about master key/phrase/secureID getting lost)
>      8. integrity: mechanism to verify authenticity & integrity of the
>         file
> 
> On Nov 9, 2007 5:35 PM, Brian Pitts <brian at polibyte.com> wrote:
>         Nick Ali wrote:
>         > On Nov 9, 2007 4:46 PM, Paul Cartwright <ale at pcartwright.com> wrote:
>         >> I can take that FILENAME.gpg, put it on my USB stick, and carry it around
>         >> safely.. I  think..
>         >
>         > You also need to carry the private key, which is stored in ~/.gnupg if
>         > you just created a public/private key set on your local machine. Just
>         > copy the .gnupg/ to your stick and use the --homedir option to point
>         > to it when decrypting.
>         >
>         > nick
>
>         This is why I think an encrypted partition is a better solution, btw. Of
>         course, you have to remember the password to decrypt the master key that
>         decrypts the partition.
>
>         http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS
>
>         -Brian
>
>         _______________________________________________
>         Ale mailing list
>         Ale at ale.org
>         http://www.ale.org/mailman/listinfo/ale
>         
> 
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
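
Added example, not part of the thread and not code from any tool named in it: a sketch of the key-slot layout behind the LUKS master-key remark and the quoted items 2, 3, 4 and 8 (individual keys to the same file, grant/revoke without touching the secret file, audit trail, integrity). The `Vault` class, user names and passphrases are hypothetical, and PBKDF2 with a SHAKE-256/HMAC construction stands in for a real cipher so the block runs on the Python standard library alone.

```python
import hashlib, hmac, os

def kdf(passphrase, salt):  # per-user key-encryption key from that user's passphrase
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def seal(key, data):
    # Stand-in AEAD (SHAKE-256 keystream + HMAC tag); use AES-GCM or GnuPG in practice.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or modified data")  # integrity check
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Vault:
    def __init__(self, secret, owner, passphrase):
        master = os.urandom(32)
        self.ciphertext = seal(master, secret)  # the shared file, written once
        self.slots, self.audit = {}, []
        self._add_slot(owner, passphrase, master)

    def _add_slot(self, user, passphrase, master):
        salt = os.urandom(16)
        self.slots[user] = (salt, seal(kdf(passphrase, salt), master))
        self.audit.append(("grant", user))

    def _master(self, user, passphrase):
        if user not in self.slots:
            self.audit.append(("denied", user))
            raise PermissionError(user)
        salt, wrapped = self.slots[user]
        return unseal(kdf(passphrase, salt), wrapped)

    def grant(self, by, by_pass, user, passphrase):
        self._add_slot(user, passphrase, self._master(by, by_pass))  # holder unwraps master

    def revoke(self, user):
        del self.slots[user]  # only the slot goes; the ciphertext is not rewritten
        self.audit.append(("revoke", user))

    def read(self, user, passphrase):
        secret = unseal(self._master(user, passphrase), self.ciphertext)
        self.audit.append(("read", user))
        return secret
```

Deleting a slot only stops future unwrapping: a revoked user who already read the secret still knows it, so revocation should be followed by changing the stored passwords.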