Is there a way to enforce KeePassRPC options (KeePass security level, Minimum acceptable client security level, Authorisation expires after) in KeePass? Was looking for relevant settings in the enforced config file, but could not find any.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The enforced config file (keepass.config.enforced.xml) only contains settings that the user manually adds to it. The active keepass.config.xml file contains the set of recent KeePassRPC settings. Whether the file is a global or local file depends on the KeePass setup. For additional KeePass configuration details, see https://keepass.info/help/base/configuration.html
The Custom element of the active config file contains individual KeePassRPC settings. See below. KeePassRPC does not seem to honor enforced settings in the same way that KeePass does. KeePassRPC settings are enforced at each KeePass startup, but the user can change settings that don't require a restart during a KeePass session.
Thanks wellread1, this is helpful. Can you think of a way to enforce these security settings in between KeePass startups as well (i.e. not allowing users to change them during KeePass sessions) or this "enforce at KeePass startup" approach is the best enforcement option available for these KeePassRPC security settings?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since I don't use KeePassRPC you should confirm my KeePassRPC session observations. If you confirm that settings aren't enforced during a session you will need to submit a feature request to the KeePassRPC project. The issues page is https://github.com/kee-org/keepassrpc/issues.
KeePass disables selection of enforced options during a KeePass session. KeePassRPC would need to implement this or something similar.
Last edit: wellread1 2021-07-20
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is there a way to enforce KeePassRPC options (KeePass security level, Minimum acceptable client security level, Authorisation expires after) in KeePass? Was looking for relevant settings in the enforced config file, but could not find any.
The enforced config file (keepass.config.enforced.xml) only contains settings that the user manually adds to it. The active keepass.config.xml file contains the set of recent KeePassRPC settings. Whether the file is a global or local file depends on the KeePass setup. For additional KeePass configuration details, see https://keepass.info/help/base/configuration.html
The Custom element of the active config file contains individual KeePassRPC settings. See below. KeePassRPC does not seem to honor enforced settings in the same way that KeePass does. KeePassRPC settings are enforced at each KeePass startup, but the user can change settings that don't require a restart during a KeePass session.
Thanks wellread1, this is helpful. Can you think of a way to enforce these security settings in between KeePass startups as well (i.e. not allowing users to change them during KeePass sessions) or this "enforce at KeePass startup" approach is the best enforcement option available for these KeePassRPC security settings?
Since I don't use KeePassRPC you should confirm my KeePassRPC session observations. If you confirm that settings aren't enforced during a session you will need to submit a feature request to the KeePassRPC project. The issues page is https://github.com/kee-org/keepassrpc/issues.
KeePass disables selection of enforced options during a KeePass session. KeePassRPC would need to implement this or something similar.
Last edit: wellread1 2021-07-20