[ale] How do you store your passwords?
Greg Freemyer
greg.freemyer at gmail.com
Mon Nov 12 10:05:52 EST 2007
Aiui, openid is exclusively for authorizing web-based apps.
Is there an effort to integrate it into ssh, sftp, local login, etc.?
On Nov 12, 2007 9:48 AM, Charles Shapiro <hooterpincher at gmail.com> wrote:
> Ooh,ooh,you should've been at the Atlanta BarCamp!
>
> Saw a presentation there on OpenID ( http://openid.net/ ). It's real
> interesting. The guy doin' the presentation was working on group ids as
> well. I signed up ( http://myopenid.com ), although alas not too many sites
> use it..
>
> -- CHS
>
>
> On 11/10/07, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
> > I haven't seen one in existence (doesn't mean it's not available) but a
> > system that would store passwords and deliver them inline (i.e. input
> > them at the prompt without the admin user ever seeing or knowing the
> > password) would be quite useful.
> >
> > So instead of a direct ssh or su session, there is a wrapper that
> > prompts for the admin users password (for sudo) that then decrypts the
> > appropriate machine password and performs the login then return console
> > back to the admin. Maybe something that gives back sudosh for audit
> > purposes.
> >
> > On Sat, 2007-11-10 at 09:13 -0500, Jerry Yu wrote:
> > > so far this is talking about keeping for personal use. What about for
> > > group sharing? Are there a free/oss/commercial tools to have the
> > > following features. GnuPG or PGP carries many of these features. Is
> > > a good wrapper of GnuPG for this?
> > > 1. condentiality: encryption (AES, 3DES, blowfish, crypt, etc.)
> > > 2. authentication: indivual access key to the basically same file
> > > 3. authorization: grant/revoke access w/o touching the secret
> > > file(s)
> > > 4. audit: audit trail of r/w or r/o access
> > > 5. audit: version control
> > > 6. availabilty: ease of publishing or distribution
> > > 7. availability: DR (what if individual key/token get lost & what
> > > about master key/phrase/secureID get lost)
> > > 8. integrity: mechanism to verify authenticity & integrity of the
> > > file
> > >
> > > On Nov 9, 2007 5:35 PM, Brian Pitts <brian at polibyte.com> wrote:
> > > Nick Ali wrote:
> > > > On Nov 9, 2007 4:46 PM, Paul Cartwright <
> > > ale at pcartwright.com> wrote:
> > > >> I can take that FILENAME.gpg, put it on my USB stick, and
> > > carry it around
> > > >> safely.. I think..
> > > >
> > > > You also need to carry the private key, which is stored in
> > > ~/.gnupg if
> > > > you just created a public/private key set on your local
> > > machine. Just
> > > > copy the .gnupg/ to your stick and use the --homedir option
> > > to point
> > > > to it when decrypting.
> > > >
> > > > nick
> > >
> > >
> > > This is why I think an encrypted partition is a better
> > > solution, btw. Of
> > > course, you have to remember the password to decrypt the
> > > master key that
> > > decrypts the partition.
> > >
> > > http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS
> > >
> > > -Brian
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > >
> > >
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > --
> > James P. Kinney III
> > CEO & Director of Engineering
> > Local Net Solutions,LLC
> > 770-493-8244
> > http://www.localnetsolutions.com
> >
> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> > < jkinney at localnetsolutions.com>
> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
More information about the Ale
mailing list