[ale] How do you store your passwords?

Greg Freemyer greg.freemyer at gmail.com
Mon Nov 12 10:05:52 EST 2007 

Aiui, openid is exclusively for authorizing web-based apps.

Is there an effort to integrate it into ssh, sftp, local login, etc.?

On Nov 12, 2007 9:48 AM, Charles Shapiro <hooterpincher at gmail.com> wrote:
> Ooh,ooh,you should've been at the Atlanta BarCamp!
>
>  Saw a presentation there on OpenID ( http://openid.net/ ). It's real
> interesting.  The guy doin' the presentation was working on group ids as
> well. I signed up ( http://myopenid.com ), although alas not too many sites
> use it..
>
>  -- CHS
>
>
> On 11/10/07, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
> > I haven't seen one in existence (doesn't mean it's not available) but a
> > system that would store passwords and deliver them inline (i.e. input
> > them at the prompt without the admin user ever seeing or knowing the
> > password) would be quite useful.
> >
> > So instead of a direct ssh or su session, there is a wrapper that
> > prompts for the admin users password (for sudo) that then decrypts the
> > appropriate machine password and performs the login then return console
> > back to the admin. Maybe something that gives back sudosh for audit
> > purposes.
> >
> > On Sat, 2007-11-10 at 09:13 -0500, Jerry Yu wrote:
> > > so far this is talking about keeping for personal use.  What about for
> > > group sharing? Are there a free/oss/commercial tools to have the
> > > following features.   GnuPG or PGP carries many of these features. Is
> > > a good wrapper  of GnuPG for this?
> > >      1. condentiality: encryption (AES, 3DES, blowfish, crypt, etc.)
> > >      2. authentication: indivual access key to the basically same file
> > >      3. authorization: grant/revoke access w/o touching the secret
> > >         file(s)
> > >      4. audit: audit trail of r/w or r/o access
> > >      5. audit: version control
> > >      6. availabilty: ease of publishing or distribution
> > >      7. availability: DR (what if individual key/token get lost & what
> > >         about master key/phrase/secureID get lost)
> > >      8. integrity: mechanism to verify authenticity & integrity of the
> > >         file
> > >
> > > On Nov 9, 2007 5:35 PM, Brian Pitts <brian at polibyte.com> wrote:
> > >         Nick Ali wrote:
> > >         > On Nov 9, 2007 4:46 PM, Paul Cartwright <
> > >         ale at pcartwright.com> wrote:
> > >         >> I can take that FILENAME.gpg, put it on my USB stick, and
> > >         carry it around
> > >         >> safely.. I  think..
> > >         >
> > >         > You also need to carry the private key, which is stored in
> > >         ~/.gnupg if
> > >         > you just created a public/private key set on your local
> > >         machine. Just
> > >         > copy the .gnupg/ to your stick and use the --homedir option
> > >         to point
> > >         > to it when decrypting.
> > >         >
> > >         > nick
> > >
> > >
> > >         This is why I think an encrypted partition is a better
> > >         solution, btw. Of
> > >         course, you have to remember the password to decrypt the
> > >         master key that
> > >         decrypts the partition.
> > >
> > >         http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS
> > >
> > >         -Brian
> > >
> > >         _______________________________________________
> > >         Ale mailing list
> > >         Ale at ale.org
> > >         http://www.ale.org/mailman/listinfo/ale
> > >
> > >
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > --
> > James P. Kinney III
> > CEO & Director of Engineering
> > Local Net Solutions,LLC
> > 770-493-8244
> > http://www.localnetsolutions.com
> >
> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> > < jkinney at localnetsolutions.com>
> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>



-- 
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com

More information about the Ale mailing list