Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#1654 Support for Multiple Windows Users

open
nobody
5
2013-04-21
2012-10-26
Josh Dawson
No

We are a small company that uses KeePass and we'd like to see support for logging in with various Windows credentials from our domain. Is this a feature that could be implemented easily? It would make KeePass a more feasible password storage solution in an enterprise.

Discussion

  • Paul
    Paul
    2012-10-27

    KeePass allows you to use the Windows User Account as a master password, but it cannot create a shared password for a common database.
    http://keepass.info/help/base/keys.html#winuser

    cheers, Paul

     
  • Iain Hallam
    Iain Hallam
    2013-02-08

    This would be really useful, especially if we could control access to entries/entry groups via Active Directory security groups.

     
  • Paul
    Paul
    2013-02-09

    The KeePass encryption model does not allow multiple levels of access. You can either use the database or not.
    You need something other than KeePass is you want multi level access.

    cheers, Paul

     
  • Geoff
    Geoff
    2013-04-18

    I've just noticed the Windows user KeePass functionality.

    Does it not just use the GUID for the windows account? or similar? Could there not be an option to allow access if the user is a member of a certain AD group?

    That way we could grant or deny access to KeePass databases via active directory groups, and becuase there is no password, employees can't 'Steal' the entire database if they leave!

    No AD group membership = no kepass access!

    It would be an AMAZING feature!

     
  • Geoff
    Geoff
    2013-04-18

    ...I'm sure groups have GUIDs like user accounts do?

    Surley we could have a button to allow us to pic a group, then associate the kepass database with that instead of user guid?

     
  • Paul
    Paul
    2013-04-21

    No, KeePass uses a key created by Windows. There is no equivalent for AD groups.

    This has been suggested before and the recommended solution would be for someone to write a plug-in. No-one has attempted this AFAIK.

    cheers, Paul