<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-sysadm] Saving and sharing passwords in mageia teams
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Saving%20and%20sharing%20passwords%20in%20mageia%20teams&In-Reply-To=%3C20110218214502.GO21938%40mars-attacks.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="002875.html">
   <LINK REL="Next"  HREF="002781.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-sysadm] Saving and sharing passwords in mageia teams</H1>
    <B>nicolas vigier</B> 
    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Saving%20and%20sharing%20passwords%20in%20mageia%20teams&In-Reply-To=%3C20110218214502.GO21938%40mars-attacks.org%3E"
       TITLE="[Mageia-sysadm] Saving and sharing passwords in mageia teams">boklm at mars-attacks.org
       </A><BR>
    <I>Fri Feb 18 22:45:02 CET 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="002875.html">[Mageia-sysadm] Cron &lt;root at krampouezh&gt; /usr/sbin/urpmi.update -a -q
</A></li>
        <LI>Next message: <A HREF="002781.html">[Mageia-sysadm] Automated Reply Re: &quot; Saving and sharing passwords	in mageia teams&quot;
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2780">[ date ]</a>
              <a href="thread.html#2780">[ thread ]</a>
              <a href="subject.html#2780">[ subject ]</a>
              <a href="author.html#2780">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>Hello,

We often need to register some accounts on various websites for the
Mageia project (domain name registration, twitter, identica, etc.).
And we need to be able to share the account information (login and
password) with other people inside teams. So we need something like a
password database, with permissions to restrict access to only some
people or groups of people. We can store this database on Mageia servers,
but I think it should be encrypted, so that root access on the server
does not give access to the passwords.

I have looked at existing tools, but didn't find one that would allow 
us to do this easily. So I'm thinking about writing some scripts to do 
it. It would work like this :

 - all users first need to upload their gnupg public key in ldap
 - we have a command to create a password on the server, with a list
   of groups/users who can access this password :
    $ mgapassword create passwdname %group1 %group2 user1 user2 ...
 - a command to save the value of a password :
    $ mgapassword set passwdname &lt; value
      or
    $ mgapassword edit passwdname
 - another command to retrieve a password :
    $ mgapassword get passwdname 
 - a command to list the passwords you can access :
    $ mgapassword list

All commands connect to the server using ssh and the ldap account. When 
saving a password, the client asks the server for the list of gpg keys of 
all users who should have access to the password, then encrypts the 
password with all keys and sends it encrypted to the server.

The command to retrieve a password connects to the server, then the server 
sends the password encrypted for the key of the user, which is decrypted
locally using the private gpg key of the user.

When new users are added into a group, they cannot access passwords
immediately (as they are not encrypted for their keys), so someone needs to
retrieve and save the passwords, to encrypt them for the new users.

So, what do you think about this ? Or maybe someone knows existing tools
that can do this ?

Nicolas

</PRE>
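The recipient bookkeeping behind the proposal above, as an added example that is not part of the original message or of any mgapassword code: it expands a `%group`/user access list into GnuPG recipients and reports which stored entries must be re-encrypted after group membership changes. The directory contents, fingerprints, and all function and class names are constructed assumptions; only the `%group` syntax and the re-encryption requirement come from the message.

```python
from dataclasses import dataclass

# Constructed sample directory, standing in for what LDAP would return.
GROUPS = {"sysadm": {"alice", "bob"}, "web": {"carol"}}
KEYS = {"alice": "FPR_ALICE", "bob": "FPR_BOB",
        "carol": "FPR_CAROL", "dave": "FPR_DAVE"}  # placeholder fingerprints

@dataclass
class Entry:
    name: str
    acl: list           # items as passed to "create": "%group" or "user"
    encrypted_for: set  # fingerprints the stored ciphertext was encrypted to

def authorized_users(acl, groups):
    """Expand %group items to their current members; plain items are users."""
    users = set()
    for item in acl:
        if item.startswith("%"):
            users |= groups.get(item[1:], set())
        else:
            users.add(item)
    return users

def recipients(acl, groups, keys):
    """Return (fingerprints to encrypt to, users who have uploaded no key)."""
    users = authorized_users(acl, groups)
    no_key = {u for u in users if u not in keys}
    return {keys[u] for u in users - no_key}, no_key

def audit(entry, groups, keys):
    """Compare who the ciphertext is encrypted for with who is authorized now."""
    wanted, no_key = recipients(entry.acl, groups, keys)
    return {
        # authorized but unable to decrypt: someone must re-save the entry
        "needs_reencrypt_for": sorted(wanted - entry.encrypted_for),
        # no longer authorized but still able to decrypt any old copy:
        # re-encrypting is not enough, the password itself should be changed
        "stale_recipients": sorted(entry.encrypted_for - wanted),
        "users_without_key": sorted(no_key),
    }

def gpg_encrypt_argv(entry, groups, keys):
    """Client-side gpg command line encrypting to every current recipient."""
    wanted, _ = recipients(entry.acl, groups, keys)
    argv = ["gpg", "--batch", "--armor", "--encrypt"]
    for fpr in sorted(wanted):
        argv += ["--recipient", fpr]
    return argv
```

Running `audit` over every stored entry after each group change gives the list of passwords someone with access has to retrieve and save again.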
<!--endarticle-->
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>