Support for Multiple Windows Users
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
We are a small company that uses KeePass and we'd like to see support for logging in with various Windows credentials from our domain. Is this a feature that could be implemented easily? It would make KeePass a more feasible password storage solution in an enterprise.
KeePass allows you to use the Windows User Account as a master password, but it cannot create a shared password for a common database.
http://keepass.info/help/base/keys.html#winuser
cheers, Paul
This would be really useful, especially if we could control access to entries/entry groups via Active Directory security groups.
The KeePass encryption model does not allow multiple levels of access. You can either use the database or not.
You need something other than KeePass if you want multi-level access.
cheers, Paul
I've just noticed the Windows user KeePass functionality.
Does it not just use the GUID for the Windows account, or similar? Could there not be an option to allow access if the user is a member of a certain AD group?
That way we could grant or deny access to KeePass databases via Active Directory groups, and because there is no password, employees can't 'Steal' the entire database if they leave!
No AD group membership = no KeePass access!
It would be an AMAZING feature!
...I'm sure groups have GUIDs like user accounts do?
Surely we could have a button to allow us to pick a group, then associate the KeePass database with that instead of user GUID?
No, KeePass uses a key created by Windows. There is no equivalent for AD groups.
This has been suggested before and the recommended solution would be for someone to write a plug-in. No-one has attempted this AFAIK.
cheers, Paul
I can see a huge benefit for KeePass to allow domain groups access. There isn't any other party that is as simple and useful as KeePass right now, and adding domain req's would be huge.
I know for my company, 2,600 employees, we would absolutely use the feature.
Then fund its development via a plug-in.
You could try the MultiCertKeyProvider or use it as a template for a group membership key.
http://keepass.info/plugins.html#multicertkeyprov
cheers, Paul