[thelist] password management application

John DeStefano john.destefano at gmail.com
Sat May 26 15:15:55 CDT 2007


> From: Mark Groen <evolt at markgroen.com>
> > > I have an interesting request to determine the feasibility of a data
> > > "management" application that would provide an interface for password
> > > management and encryption.  I wonder if something similar already
> > > exists, or if you have any thoughts on how this could be done.
>
> At first blush, thought you might be looking for something like a single sign
> on app such as Sxip http://www.sxip.com/

We're using WebAuth, with Kerberos, as SSO.  We have gotten it to work
with a few things, but we've far from mastered it.

> > > The application would:
> > > - present an interface for password entry and retrieval
> > > - allow users to enter a password
> > > - encrypt that password using multiple GPG/PGP public keys
>
> So far it sounds like a normal database using encryption instead of just an
> md5 hash. Not exactly sure what you mean by multiple keys.

I just mean that the password string should be encrypted using more
than one key (namely, those of all the users in the group) as opposed
to just one key, so that any of the users can use their own key to
decrypt the string.

> > > - allow users to retrieve encrypted passwords (and decrypt them using
> > > their GPG/PGP key)
> > > - inform the "owner" of a password that has been retrieved by someone
> > > (so they have the option of changing it)
>
> Getting kind of lost now, why would password be able to be retrieved by
> someone else other than the owner?

These strings are system passwords: each system has an "owner" that
sets and maintains a password for their system.  When these owners
are unavailable, someone should be able to gain access to their
password, but the owner should be notified about this (so that they
can change the password if they want).

> > > Optimally, the app would automate the decryption for the user, but
> > > that is not a "requirement".
> > >
> > > Any thoughts on how to go about this?
>
> Just a reminder that the list is fairly vacant on weekends...almost sounds
> like when I run the command system-config-authentication and the app that
> runs locally, must be something similar for Windows too - but you're talking
> about a web https thing though yes?

Yup: it should be web-accessible to all the users in this group.
These are all Linux systems, so a Linux-centric solution would be just
fine... as long as it were not specific to a single system.

> Off to the weekend races myself, sorry can't help more...

No problem.  Hope you enjoy the races!  and the holiday weekend (here
in the U.S.: don't forget what the holiday stands for, and what it
means to you!).

~John
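
The multi-key encryption described in this message, as an added example that is not part of the original post: one password is encrypted to two group members' GPG public keys, so either member can decrypt it with their own secret key while the keyring that stores it holds public keys only. The user ids, paths, sample password and function names are constructed for the demonstration; it assumes GnuPG 2.1 or later, and the throwaway test keys have no passphrase.

```sh
#!/bin/sh
# Added example. User ids, paths and the sample password are constructed.

# Create a throwaway keyring holding an unprotected test key and export the
# public half. $1 = keyring dir, $2 = user id, $3 = public key output file
make_user() {
    mkdir -p "$1" && chmod 700 "$1"
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$2" 2>/dev/null
    gpg --homedir "$1" --batch --export "$2" > "$3"
}

# Encrypt stdin to every listed recipient; the store keyring holds public
# keys only. $1 = store keyring dir, $2 = output file, $3... = user ids
encrypt_for_group() {
    store=$1; out=$2; shift 2
    for uid do shift; set -- "$@" --recipient "$uid"; done
    gpg --homedir "$store" --batch --yes --armor --trust-model always \
        "$@" --output "$out" --encrypt
}

# Decrypt with whatever secret key the given keyring holds.
decrypt_as() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$2" 2>/dev/null
}

# Count the public-key encrypted session key packets (one per recipient).
count_recipients() {
    gpg --homedir "$1" --batch --list-packets "$2" 2>/dev/null |
        grep -c '^:pubkey enc packet:'
}

cleanup() {
    for d in alice bob store; do
        gpgconf --homedir "$WORK/$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}

WORK=$(mktemp -d) && trap cleanup EXIT
SECRET='db01-root-Constructed!'
make_user "$WORK/alice" alice@example.test "$WORK/alice.pub"
make_user "$WORK/bob" bob@example.test "$WORK/bob.pub"
mkdir -p "$WORK/store" && chmod 700 "$WORK/store"
gpg --homedir "$WORK/store" --batch --quiet --import "$WORK"/*.pub 2>/dev/null
printf '%s' "$SECRET" |
    encrypt_for_group "$WORK/store" "$WORK/db01.asc" alice@example.test bob@example.test
echo "recipients: $(count_recipients "$WORK/store" "$WORK/db01.asc")"
```

Adding or removing a group member means re-encrypting each stored password with the new recipient list, since the recipient set is fixed when the message is created.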


