Don't recall if it was mentioned, but we use a nice little app called MyPMS http://lvoware.com/. Put it on an internal system and then people have to access via a VPN connection to browse into it. That way if a person is no longer with the company, then their VPN has been turned off and they don't have access to it anymore. The reason I like the app is it's OS agnostic for the end user and keeps the data in an SQL DB.
On Thu, 2009-11-19 at 14:07 +0000, gordon b slater wrote:
On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote:
Pwman
...which has the HUGE advantage of being CLI (so useable over SSH sessions from network devices) and has tagging for searching large databases of passes. pwman3 is current version. For most OSs. I've even used it looped through a multitude of nested VTY+SSH+screen sessions - one of which was a Dropbear sshd and client on a 20$ plastic CPE - to save my sorry *ss
For GUIs:-
Keepassx for most OSs, and Keepass2.x on MS Windows
Password Gorilla is a nice one for end-users, most OSs
Bruce's Passwordsafe format is a somewhat de-facto standard for import/export. Keepass can do a lot of conversion for you. Some shops use rsync to distribute the masters and set them readonly at filesystem-level, though this tends to preclude regular rotation and updating.
Beware that some of the commercial offerings are trivially broken or otherwise borked for "work" use. ymmv
Whatever you use, dump the file to a flat file (crypted of course) and save a statically linked version of the app for those "wow - what password app did we use way back in 2001?" moments.
Print a copy every month or so and store securely offsite too - all the usual caveats apply. Once you have a super-duper app for them you tend to crank the pw complexity up to a level where no-one can remember anything nor even recognise regular ones; it's mainly cut and paste, especially if you use X.
Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc ?
Gord
--
rommon 3 > You have reached the gateway of last resort. Abandon hope all ye who press enter here