diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2013-February/005017.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2013-February/005017.html | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2013-February/005017.html b/zarb-ml/mageia-sysadm/2013-February/005017.html new file mode 100644 index 000000000..bc60f1264 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2013-February/005017.html @@ -0,0 +1,121 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] sharing account access data + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20sharing%20account%20access%20data&In-Reply-To=%3CCA%2BCX%2BbgQhKjQag%2BrWi7RzYZSPtjsDTHmaxvZqHNZsmgor%2B6A8w%40mail.gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="005016.html"> + <LINK REL="Next" HREF="005018.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] sharing account access data</H1> + <B>Pascal Terjan</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20sharing%20account%20access%20data&In-Reply-To=%3CCA%2BCX%2BbgQhKjQag%2BrWi7RzYZSPtjsDTHmaxvZqHNZsmgor%2B6A8w%40mail.gmail.com%3E" + TITLE="[Mageia-sysadm] sharing account access data">pterjan at gmail.com + </A><BR> + <I>Fri Feb 15 16:45:48 CET 2013</I> + <P><UL> + <LI>Previous message: <A HREF="005016.html">[Mageia-sysadm] sharing account access data +</A></li> + <LI>Next message: <A HREF="005018.html">[Mageia-sysadm] sharing account access data +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#5017">[ date ]</a> + <a href="thread.html#5017">[ thread ]</a> + <a href="subject.html#5017">[ subject ]</a> + <a href="author.html#5017">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Fri, Feb 15, 2013 at 3:33 PM, nicolas vigier <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A>>wrote: + +><i> On Fri, 15 Feb 2013, Pascal Terjan wrote: +</I>><i> +</I>><i> > On Fri, Feb 15, 2013 at 11:52 AM, nicolas vigier <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A> +</I>><i> >wrote: +</I>><i> > +</I>><i> > > On Fri, 15 Feb 2013, Pascal Terjan wrote: +</I>><i> > > +</I>><i> > > > On Fri, Feb 15, 2013 at 11:24 AM, nicolas vigier < +</I>><i> <A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A> +</I>><i> > > >wrote: +</I>><i> > > > +</I>><i> > > > > On Fri, 15 Feb 2013, Romain d'Alverny wrote: +</I>><i> > > > > +</I>><i> > > > > > Is there a tool/place (or plan to have it) to store and share +</I>><i> account +</I>><i> > > > > > data to various services (blogs, twitter, flickr, hosting +</I>><i> services, +</I>><i> > > > > > etc.)? +</I>><i> > > > > > +</I>><i> > > > > > A restricted wiki, or something that could handle groups? +</I>><i> > > > > +</I>><i> > > > > Not yet. But we could store on svn a file containing passwords, +</I>><i> > > encrypted +</I>><i> > > > > with gpg. Each team can create a gpg key and share it between all +</I>><i> team +</I>><i> > > > > members, and encrypt the passwords file with this key. +</I>><i> > > > > +</I>><i> > > > > I'm sure a better sstem has to exist, where you can revoke acces +</I>><i> for +</I>><i> > > > example :) +</I>><i> > > +</I>><i> > > Do you know one ? +</I>><i> > +</I>><i> > +</I>><i> > No but we can try to find one :) +</I>><i> +</I>><i> I tried to find one before, but didn't find something good. I was +</I>><i> thinking about making some scripts for that, but it's not high priority. +</I>><i> So using something simple like a shared gpg key would maybe be enough +</I>><i> for now. +</I>><i> +</I>><i> > Actually if the svn repository is not readable by people not in a given +</I>><i> > group that allows revoking access even if they still have a copy of the +</I>><i> > master key, but still in security/cryptography world I don't like +</I>><i> > reinventing things :) +</I>><i> +</I>><i> Maybe some systems allow to revoke access, but nothing prevent that +</I>><i> person from keeping a copy of all passwords before his access is +</I>><i> revoked. So only reliable way to revoke access is to change all +</I>><i> passwords. +</I>><i> +</I> + +><i> If using a shared gpg key, to revoke access for someone we need to start +</I>><i> using a new key and change all passwords. That's not very convenient, +</I>><i> but hopefully we don't need to do that often. +</I> + +Yes my problem was with the need to change the key when someone leaves the +team +-------------- next part -------------- +An HTML attachment was scrubbed... +URL: </pipermail/mageia-sysadm/attachments/20130215/4aabd80e/attachment.html> +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="005016.html">[Mageia-sysadm] sharing account access data +</A></li> + <LI>Next message: <A HREF="005018.html">[Mageia-sysadm] sharing account access data +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#5017">[ date ]</a> + <a href="thread.html#5017">[ thread ]</a> + <a href="subject.html#5017">[ subject ]</a> + <a href="author.html#5017">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |