[nycbug-talk] password repository
Isaac Levy
ike at lesmuug.org
Thu Dec 31 14:09:57 EST 2009
On Dec 31, 2009, at 12:13 PM, Jesse Callaway wrote:
> On Wed, Dec 30, 2009 at 11:46 AM, Okan Demirmen <okan at demirmen.com> wrote:
>> what do you all use, recommend, love, hate?
>>
>> what about "shared" repositories in environments where you have a bunch
>> of sysadmins, all of whom should be able to view/add/modify entries and
>> such?
>>
>> while this is off-BSD topic, i'm sure all of us have run into such a
>> question at some point.
>>
>> cheers,
>> okan
>
>
> I've talked about multi-key encryption but it looks like a pain in the
> butt to me typing-wise, never used it. Here's a link to a message
> thread on how to do it with gpg
> http://lists.gnupg.org/pipermail/gnupg-users/2003-September/020170.html
> The thought is you can spam everyone, and everyone can spam back
> regarding changes and it's encrypted n-ways. As computers get faster I
> think this technology will start to catch on. That said, I never tried
> it and it might be reasonably fast up to some number of keys.
PKI dreaminess :)
Ideally, PKI does seem to deal with this problem in a most ideal fashion- but it doesn't sound like it scales back/forth well for dynamic groups over time- (e.g. Sysadmins in a group/work environment, people coming/going, etc...). For example, what to do when someone leaves the group? Or how does a new user get access to the old data (before their key was put in the mix)?
The version control stuff is awesome for those cases where you've just come across a problem with a router/server/blah whose only access uses credentials for people who no longer exist in your environment- and left far before you came onboard... To any size group, this can be a serious case.
Hrm. There has to be some old slick PKI paper or software which attacks this exact problem with PKI slickness?
>
> The best web-based thing I've found was PassPack. It's totally
> awesome. Each user has their own login to PassPack. Users can share
> passwords and assign read/write privileges to them per item being
> shared.
Hrm? I dug around for it online and there's tons of other noise... Sounds awful dangerous, but interesting-
Rocket-
.ike