diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/attachments/20130215/4aabd80e/attachment-0001.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/attachments/20130215/4aabd80e/attachment-0001.html | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/attachments/20130215/4aabd80e/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20130215/4aabd80e/attachment-0001.html new file mode 100644 index 000000000..60d8d60d8 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20130215/4aabd80e/attachment-0001.html @@ -0,0 +1,49 @@ +<br><br><div class="gmail_quote">On Fri, Feb 15, 2013 at 3:33 PM, nicolas vigier <span dir="ltr"><<a href="mailto:boklm@mars-attacks.org" target="_blank">boklm@mars-attacks.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> + +<div class="im">On Fri, 15 Feb 2013, Pascal Terjan wrote:<br> +<br> +> On Fri, Feb 15, 2013 at 11:52 AM, nicolas vigier <<a href="mailto:boklm@mars-attacks.org">boklm@mars-attacks.org</a>>wrote:<br> +><br> +> > On Fri, 15 Feb 2013, Pascal Terjan wrote:<br> +> ><br> +> > > On Fri, Feb 15, 2013 at 11:24 AM, nicolas vigier <<a href="mailto:boklm@mars-attacks.org">boklm@mars-attacks.org</a><br> +> > >wrote:<br> +> > ><br> +> > > > On Fri, 15 Feb 2013, Romain d'Alverny wrote:<br> +> > > ><br> +> > > > > Is there a tool/place (or plan to have it) to store and share account<br> +> > > > > data to various services (blogs, twitter, flickr, hosting services,<br> +> > > > > etc.)?<br> +> > > > ><br> +> > > > > A restricted wiki, or something that could handle groups?<br> +> > > ><br> +> > > > Not yet. But we could store on svn a file containing passwords,<br> +> > encrypted<br> +> > > > with gpg. Each team can create a gpg key and share it between all team<br> +> > > > members, and encrypt the passwords file with this key.<br> +> > > ><br> +> > > > I'm sure a better sstem has to exist, where you can revoke acces for<br> +> > > example :)<br> +> ><br> +> > Do you know one ?<br> +><br> +><br> +> No but we can try to find one :)<br> +<br> +</div>I tried to find one before, but didn't find something good. I was<br> +thinking about making some scripts for that, but it's not high priority.<br> +So using something simple like a shared gpg key would maybe be enough<br> +for now.<br> +<div class="im"><br> +> Actually if the svn repository is not readable by people not in a given<br> +> group that allows revoking access even if they still have a copy of the<br> +> master key, but still in security/cryptography world I don't like<br> +> reinventing things :)<br> +<br> +</div>Maybe some systems allow to revoke access, but nothing prevent that<br> +person from keeping a copy of all passwords before his access is<br> +revoked. So only reliable way to revoke access is to change all<br> +passwords.<br></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +If using a shared gpg key, to revoke access for someone we need to start<br> +using a new key and change all passwords. That's not very convenient,<br> +but hopefully we don't need to do that often.</blockquote><div><br></div><div>Yes my problem was with the need to change the key when someone leaves the team</div></div> |