1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] sharing account access data
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20sharing%20account%20access%20data&In-Reply-To=%3CCA%2BCX%2BbgQhKjQag%2BrWi7RzYZSPtjsDTHmaxvZqHNZsmgor%2B6A8w%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="005016.html">
<LINK REL="Next" HREF="005018.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] sharing account access data</H1>
<B>Pascal Terjan</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20sharing%20account%20access%20data&In-Reply-To=%3CCA%2BCX%2BbgQhKjQag%2BrWi7RzYZSPtjsDTHmaxvZqHNZsmgor%2B6A8w%40mail.gmail.com%3E"
TITLE="[Mageia-sysadm] sharing account access data">pterjan at gmail.com
</A><BR>
<I>Fri Feb 15 16:45:48 CET 2013</I>
<P><UL>
<LI>Previous message: <A HREF="005016.html">[Mageia-sysadm] sharing account access data
</A></li>
<LI>Next message: <A HREF="005018.html">[Mageia-sysadm] sharing account access data
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#5017">[ date ]</a>
<a href="thread.html#5017">[ thread ]</a>
<a href="subject.html#5017">[ subject ]</a>
<a href="author.html#5017">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Fri, Feb 15, 2013 at 3:33 PM, nicolas vigier <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A>>wrote:
><i> On Fri, 15 Feb 2013, Pascal Terjan wrote:
</I>><i>
</I>><i> > On Fri, Feb 15, 2013 at 11:52 AM, nicolas vigier <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A>
</I>><i> >wrote:
</I>><i> >
</I>><i> > > On Fri, 15 Feb 2013, Pascal Terjan wrote:
</I>><i> > >
</I>><i> > > > On Fri, Feb 15, 2013 at 11:24 AM, nicolas vigier <
</I>><i> <A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A>
</I>><i> > > >wrote:
</I>><i> > > >
</I>><i> > > > > On Fri, 15 Feb 2013, Romain d'Alverny wrote:
</I>><i> > > > >
</I>><i> > > > > > Is there a tool/place (or plan to have it) to store and share
</I>><i> account
</I>><i> > > > > > data to various services (blogs, twitter, flickr, hosting
</I>><i> services,
</I>><i> > > > > > etc.)?
</I>><i> > > > > >
</I>><i> > > > > > A restricted wiki, or something that could handle groups?
</I>><i> > > > >
</I>><i> > > > > Not yet. But we could store on svn a file containing passwords,
</I>><i> > > encrypted
</I>><i> > > > > with gpg. Each team can create a gpg key and share it between all
</I>><i> team
</I>><i> > > > > members, and encrypt the passwords file with this key.
</I>><i> > > > >
</I>><i> > > > > I'm sure a better sstem has to exist, where you can revoke acces
</I>><i> for
</I>><i> > > > example :)
</I>><i> > >
</I>><i> > > Do you know one ?
</I>><i> >
</I>><i> >
</I>><i> > No but we can try to find one :)
</I>><i>
</I>><i> I tried to find one before, but didn't find something good. I was
</I>><i> thinking about making some scripts for that, but it's not high priority.
</I>><i> So using something simple like a shared gpg key would maybe be enough
</I>><i> for now.
</I>><i>
</I>><i> > Actually if the svn repository is not readable by people not in a given
</I>><i> > group that allows revoking access even if they still have a copy of the
</I>><i> > master key, but still in security/cryptography world I don't like
</I>><i> > reinventing things :)
</I>><i>
</I>><i> Maybe some systems allow to revoke access, but nothing prevent that
</I>><i> person from keeping a copy of all passwords before his access is
</I>><i> revoked. So only reliable way to revoke access is to change all
</I>><i> passwords.
</I>><i>
</I>
><i> If using a shared gpg key, to revoke access for someone we need to start
</I>><i> using a new key and change all passwords. That's not very convenient,
</I>><i> but hopefully we don't need to do that often.
</I>
Yes my problem was with the need to change the key when someone leaves the
team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20130215/4aabd80e/attachment.html>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="005016.html">[Mageia-sysadm] sharing account access data
</A></li>
<LI>Next message: <A HREF="005018.html">[Mageia-sysadm] sharing account access data
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#5017">[ date ]</a>
<a href="thread.html#5017">[ thread ]</a>
<a href="subject.html#5017">[ subject ]</a>
<a href="author.html#5017">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>
|
