Mailing List Archive: NANOG: users

Password repository

Index | Next | Previous | View Threaded

zeusdadog at gmail

Nov 18, 2009, 7:56 PM

Post #1 of 19 (1463 views)
Permalink

Password repository

Quick question, does anyone have software/combination of tools they
recommend on centrally store various passwords securely?

Thanks.

dstorandt at teljet

Nov 18, 2009, 8:33 PM

Post #2 of 19 (1419 views)
Permalink

Re: Password repository [In reply to]

On a small scale, PasswordSafe from Sourceforge.

On Wed, Nov 18, 2009 at 10:56 PM, Jay Nakamura <zeusdadog [at] gmail> wrote:
> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?
>
> Thanks.
>
>

--
--
David Storandt
CTO
TelJet Longhaul LLC
802-922-9503 (new DID)
802-264-3003 (fax)
dstorandt [at] teljet

darren at bolding

Nov 18, 2009, 8:49 PM

Post #3 of 19 (1420 views)
Permalink

Re: Password repository [In reply to]

Pwman

On 11/18/09, Jay Nakamura <zeusdadog [at] gmail> wrote:
> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?
>
> Thanks.
>
>

--
Sent from my mobile device

-- Darren Bolding --
-- darren [at] bolding --

ddunkin at netos

Nov 18, 2009, 10:12 PM

Post #4 of 19 (1416 views)
Permalink

RE: Password repository [In reply to]

http://keepass.info

Works great in a multi-user environment.

-----Original Message-----
From: Jay Nakamura [mailto:zeusdadog [at] gmail]
Sent: Wednesday, November 18, 2009 19:57
To: NANOG
Subject: Password repository

Quick question, does anyone have software/combination of tools they
recommend on centrally store various passwords securely?

Thanks.

randy at psg

Nov 18, 2009, 10:34 PM

Post #5 of 19 (1415 views)
Permalink

Re: Password repository [In reply to]

> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?

<old school>

ascii text file, gpg encrypted, only opened with emacs crypt++.el

randy

dwhite at olp

Nov 18, 2009, 11:11 PM

Post #6 of 19 (1417 views)
Permalink

Re: Password repository [In reply to]

On 19/11/09�15:34�+0900, Randy Bush wrote:
>> Quick question, does anyone have software/combination of tools they
>> recommend on centrally store various passwords securely?
>
><old school>
>
>ascii text file, gpg encrypted, only opened with emacs crypt++.el

From the network administrator perspective, we prefer to use a 3rd
party/central authentication system where feasible, to reduce the number of
passwords entries in our network from Users*Systems to
Users*Security_Domains, and keep a gpg encrypted file (and a physical copy)
in a safe location of rarely used admin/root passwords that we only
need in an emergency (e.g. when RADIUS goes down).

--
Dan White

regnauld at nsrc

Nov 19, 2009, 12:38 AM

Post #7 of 19 (1414 views)
Permalink

Re: Password repository [In reply to]

Jay Nakamura (zeusdadog) writes:
> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?

Home built app with GELI (FreeBSD) encrypted disk image and automated
versioning of documents/secure stuff wih a VCS. Works fine in a multi
user context, but only one user can access it at a time.

bpfankuch at cpgreeley

Nov 19, 2009, 5:19 AM

Post #8 of 19 (1412 views)
Permalink

RE: Password repository [In reply to]

We have used Password Manager XP for quite some time. It supports different user roles, allows security to be set per folder, the encryption levels it supports are insane, and it allows for a "database password" and then user level authentication (which can be tied to NT authentication from the workstation). They also have a client for windows mobile devices. The client also runs in wine exceptionally well. You can configure it to do form filling, and you can define password expiration dates and it will remind you that passwords need changed. Also supports the ability to define a database log, so that all changes can be sent off to a log server. You can also add pretty detailed descriptions to the entry, and you can tie files into the entry as well. Works great for attaching a private key for access to servers via SSH. All of the displayed fields inside of each folder are completely customizable and quite easy to change. It supports multiple users pretty well, however we have had to restore the database from backups once when a user was writing to the database over SSLVPN and the connection dropped. We have used it with a max of about 20 people and it worked great for that number, however as your database gets larger and larger it does take a while to make some changes.

-----Original Message-----
From: Jay Nakamura [mailto:zeusdadog [at] gmail]
Sent: Wednesday, November 18, 2009 8:57 PM
To: NANOG
Subject: Password repository

Quick question, does anyone have software/combination of tools they recommend on centrally store various passwords securely?

Thanks.

gordslater at ieee

Nov 19, 2009, 6:07 AM

Post #9 of 19 (1413 views)
Permalink

Re: Password repository [In reply to]

On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:
> Pwman

...which has the HUGE advantage of being CLI (so useable over SSH
sessions from network devices) and has tagging for searching large
databases of passes. pwman3 is current version. For most OSs.
I've even used it looped through a multitude of nested VTY+SSH+screen
sessions - one of which was a Dropbear sshd and client on a 20$ plastic
CPE - to save my sorry *ss

For GUIs:-
Keepassx for most OSs, and Keepass2.x on MS Windows
Password Gorilla is a nice one for end-users, most OSs

Bruce's Passwordsafe format is a somewhat de-facto standard for
import/export. Keepass can do a lot of conversion for you.
Some shops use rsync top distribute the masters and set them readonly at
filesystem - level though this tends to preclude regular rotation and
updating.

Beware that some of the commercial offerings are trivially broken or
otherwise borked for "work" use. ymmv

Whatever you use dump the file to a flat file (crypted of course) and
save a statically linked version of the app for those "wow - what
password app did we use way back in 2001?" moments.

Print a copy every month or so and store securely offsite too - all the
usual caveats apply. Once you have a super-duper app for them you tend
to crank the pw complexity up to a level where no-one can remember
anything nor even recognise regular ones; it's mainly cut and paste,
especially if you use X.

Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc ?

Gord

--
rommon 3 > You have reached the gateway of last resort. Abandon hope all
ye who press enter here

Attachments:

smime.p7s (3.09 KB)

bclark at spectraaccess

Nov 19, 2009, 6:25 AM

Post #10 of 19 (1415 views)
Permalink

Re: Password repository [In reply to]

Don't recall if it was mention but we use a nice little app called MyPMS
http://lvoware.com/. Put it on an internal system and then people have
to access via a VPN connection to browse into it. That way if a person
is no longer with the company, then their VPN has been turned off and
they don't have access to it anymore. The reason I like the app is it's
OS agnostic for the end user and keeps the data in an SQL DB.

On Thu, 2009-11-19 at 14:07 +0000, gordon b slater wrote:

> On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:
> > Pwman
>
> ...which has the HUGE advantage of being CLI (so useable over SSH
> sessions from network devices) and has tagging for searching large
> databases of passes. pwman3 is current version. For most OSs.
> I've even used it looped through a multitude of nested VTY+SSH+screen
> sessions - one of which was a Dropbear sshd and client on a 20$ plastic
> CPE - to save my sorry *ss
>
> For GUIs:-
> Keepassx for most OSs, and Keepass2.x on MS Windows
> Password Gorilla is a nice one for end-users, most OSs
>
> Bruce's Passwordsafe format is a somewhat de-facto standard for
> import/export. Keepass can do a lot of conversion for you.
> Some shops use rsync top distribute the masters and set them readonly at
> filesystem - level though this tends to preclude regular rotation and
> updating.
>
> Beware that some of the commercial offerings are trivially broken or
> otherwise borked for "work" use. ymmv
>
> Whatever you use dump the file to a flat file (crypted of course) and
> save a statically linked version of the app for those "wow - what
> password app did we use way back in 2001?" moments.
>
> Print a copy every month or so and store securely offsite too - all the
> usual caveats apply. Once you have a super-duper app for them you tend
> to crank the pw complexity up to a level where no-one can remember
> anything nor even recognise regular ones; it's mainly cut and paste,
> especially if you use X.
>
>
> Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc ?
>
> Gord
>
> --
> rommon 3 > You have reached the gateway of last resort. Abandon hope all
> ye who press enter here
>
>
>

zeusdadog at gmail

Nov 19, 2009, 8:21 AM

Post #11 of 19 (1421 views)
Permalink

Re: Password repository [In reply to]

All,

I wasn't expecting the number of suggestions I got! Thanks all.

It looks like keepass is the popular choice by many. We are looking into that.

And those that suggested RADIUS, yes, I am moving towards that
direction for what can be moved to the RADIUS direction. However, we
also managed so many customer's equipment/web site
contents/application/networks as well that we can't use RADIUS in
those instances.

Again, I appreciate having this list to get ideas on various issues I
face everyday.

On Wed, Nov 18, 2009 at 10:56 PM, Jay Nakamura <zeusdadog [at] gmail> wrote:
> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?
>
> Thanks.
>

jg at slash128

Nov 19, 2009, 8:31 AM

Post #12 of 19 (1413 views)
Permalink

RE: Password repository [In reply to]

I offer a free service: Send me all your passwords via encrypted email and I promise to keep them safe for you :-)

Ok, kidding aside we also use KeePass...

On Wed, Nov 18, 2009 at 10:56 PM, Jay Nakamura <zeusdadog [at] gmail> wrote:
> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?
>
> Thanks.
>

http://slash128.com

jnegro at billtrust

Nov 19, 2009, 8:56 AM

Post #13 of 19 (1414 views)
Permalink

RE: Password repository [In reply to]

I've used phpchain in the past. It's a freeware you can get off of
sourceforge. It runs on a PHP server and stores the passwords per user,
blowfish encrypted. It hasn't been updated in a while, but I found it
simple, rather helpful, and easy to install and manage.

Jeff

-----Original Message-----
From: Jay Nakamura [mailto:zeusdadog [at] gmail]
Sent: Wednesday, November 18, 2009 10:57 PM
To: NANOG
Subject: Password repository

Quick question, does anyone have software/combination of tools they
recommend on centrally store various passwords securely?

Thanks.

dyoung at mesd

Nov 19, 2009, 9:53 AM

Post #14 of 19 (1413 views)
Permalink

Re: Password repository [In reply to]

On Wed, Nov 18, 2009 at 10:34 PM, Randy Bush <randy [at] psg> wrote:
>> Quick question, does anyone have software/combination of tools they
>> recommend on centrally store various passwords securely?
>
> <old school>
>
> ascii text file, gpg encrypted, only opened with emacs crypt++.el

Or if you prefer vim there is the gnupg.vim plugin:
http://www.vim.org/scripts/script.php?script_id=661

:-P

--
Dan Young <dyoung [at] mesd>
Multnomah ESD - Technology Services
503-257-1562

accesss801 at gmail

Nov 19, 2009, 10:31 PM

Post #15 of 19 (1396 views)
Permalink

Re: Password repository [In reply to]

I'm not sure if your only considering free software, but if not take a
look at password manager pro.

http://www.manageengine.com/products/passwordmanagerpro/download.html

Dan

On Nov 19, 2009, at 10:53 AM, Dan Young <dyoung [at] mesd> wrote:

> On Wed, Nov 18, 2009 at 10:34 PM, Randy Bush <randy [at] psg> wrote:
>>> Quick question, does anyone have software/combination of tools they
>>> recommend on centrally store various passwords securely?
>>
>> <old school>
>>
>> ascii text file, gpg encrypted, only opened with emacs crypt++.el
>
> Or if you prefer vim there is the gnupg.vim plugin:
> http://www.vim.org/scripts/script.php?script_id=661
>
> :-P
>
> --
> Dan Young <dyoung [at] mesd>
> Multnomah ESD - Technology Services
> 503-257-1562
>

nanog at maunier

Nov 19, 2009, 11:36 PM

Post #16 of 19 (1392 views)
Permalink

Re: Password repository [In reply to]

Jay Nakamura wrote:
> Quick question, does anyone have software/combination of tools they
> recommend on centrally store various passwords securely?
>
> Thanks.
>
>
I use opensource, multiplatforms softwares :

Keepass password file in a truecrypt container and it works as heaven
and securely.

Keepass for Windows : http://www.keepass.info/
Keepass for Linux/Mac OS : http://www.keepassx.org/

Truecrypt (all platforms) : http://www.truecrypt.org/

Pierre-Yves Maunier

jna at retina

Nov 19, 2009, 11:48 PM

Post #17 of 19 (1398 views)
Permalink

Re: Password repository [In reply to]

I'm a big fan of 1password, but I'm on mac and iPhone.

Sent from my iPhone

On Nov 19, 2009, at 23:36, Pierre-Yves Maunier <nanog [at] maunier>
wrote:

> Jay Nakamura wrote:
>> Quick question, does anyone have software/combination of tools they
>> recommend on centrally store various passwords securely?
>>
>> Thanks.
>>
>>
> I use opensource, multiplatforms softwares :
>
> Keepass password file in a truecrypt container and it works as
> heaven and securely.
>
> Keepass for Windows : http://www.keepass.info/
> Keepass for Linux/Mac OS : http://www.keepassx.org/
>
> Truecrypt (all platforms) : http://www.truecrypt.org/
>
>
> Pierre-Yves Maunier
>
>

kbroder at accretive-networks

Nov 19, 2009, 11:58 PM

Post #18 of 19 (1393 views)
Permalink

Re: Password repository [In reply to]

Pierre-Yves Maunier <nanog [at] maunier> wrote:

>Jay Nakamura wrote:
>> Quick question, does anyone have software/combination of tools they
>> recommend on centrally store various passwords securely?
>>
>> Thanks.
>>
>>
>I use opensource, multiplatforms softwares :
>
>Keepass password file in a truecrypt container and it works as heaven
>and securely.
>
>Keepass for Windows : http://www.keepass.info/
>Keepass for Linux/Mac OS : http://www.keepassx.org/
>
>Truecrypt (all platforms) : http://www.truecrypt.org/
>
>
>Pierre-Yves Maunier
>
>

beckman at angryox

Nov 20, 2009, 8:34 AM

Post #19 of 19 (1383 views)
Permalink

Re: Password repository [In reply to]

On Thu, 19 Nov 2009, John Adams wrote:

> I'm a big fan of 1password, but I'm on mac and iPhone.

I'll second that. 1Password truly is fabulous, though it's strength is
the Auto-website login feature with a hotkey. When in your browser,
Command+Option+\, type some characters of the site or description, hit
enter, and it opens your default browser, goes to the site and logs you
in. Integrates on all browsers: Safari, Firefox, Opera and others.

Supports secure notes, has a well designed strong password generator, can
be synced over the network to multiple other computers via Dropbox (or
whatever you want to use, rsync works too), and has great integration with
the iPhone as well as a browser-based client for use on non-Mac computers.

If you are not using a Mac, or are using a mixed bag of operating systems,
1Password is probably not best.

---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman [at] angryox http://www.angryox.com/
---------------------------------------------------------------------------

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads