[119447] in North American Network Operators' Group
Re: Password repository
daemon@ATHENA.MIT.EDU (gordon b slater)
Thu Nov 19 09:07:51 2009
X-IP-MAIL-FROM: gordslater@ieee.org
From: gordon b slater <gordslater@ieee.org>
To: NANOG <nanog@nanog.org>
In-Reply-To: <5a318d410911182049u5a54945ase318a53b3a8a5035@mail.gmail.com>
Date: Thu, 19 Nov 2009 14:07:13 +0000
Reply-To: gordslater@ieee.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:
> Pwman
...which has the HUGE advantage of being CLI (so useable over SSH
sessions from network devices) and has tagging for searching large
databases of passes. pwman3 is current version. For most OSs.
I've even used it looped through a multitude of nested VTY+SSH+screen
sessions - one of which was a Dropbear sshd and client on a 20$ plastic
CPE - to save my sorry *ss
For GUIs:-
Keepassx for most OSs, and Keepass2.x on MS Windows
Password Gorilla is a nice one for end-users, most OSs
Bruce's Passwordsafe format is a somewhat de-facto standard for
import/export. Keepass can do a lot of conversion for you.
Some shops use rsync to distribute the masters and set them read-only at
filesystem level, though this tends to preclude regular rotation and
updating.
Beware that some of the commercial offerings are trivially broken or
otherwise borked for "work" use. ymmv
Whatever you use dump the file to a flat file (crypted of course) and
save a statically linked version of the app for those "wow - what
password app did we use way back in 2001?" moments.
Print a copy every month or so and store securely offsite too - all the
usual caveats apply. Once you have a super-duper app for them you tend
to crank the pw complexity up to a level where no-one can remember
anything nor even recognise regular ones; it's mainly cut and paste,
especially if you use X.
Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc?
Gord
--
rommon 3 > You have reached the gateway of last resort. Abandon hope all
ye who press enter here