KeePass / Feature Requests / #1654 Support for Multiple Windows Users

#1654 Support for Multiple Windows Users

Status: open

Owner: nobody

Labels: General Feature Requests (745)

Priority: 5

Updated: 2015-07-15

Created: 2012-10-26

Creator: Josh Dawson

Private: No

We are a small company that uses KeePass and we'd like to see support for logging in with various Windows credentials from our domain. Is this a feature that could be implemented easily? It would make KeePass a more feasible password storage solution in an enterprise.

Discussion

Paul - 2012-10-27

KeePass allows you to use the Windows User Account as a master password, but it cannot create a shared password for a common database.
http://keepass.info/help/base/keys.html#winuser

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Iain Hallam - 2013-02-08

This would be really useful, especially if we could control access to entries/entry groups via Active Directory security groups.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2013-02-09

The KeePass encryption model does not allow multiple levels of access. You can either use the database or not.
You need something other than KeePass is you want multi level access.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Geoff - 2013-04-18

I've just noticed the Windows user KeePass functionality.

Does it not just use the GUID for the windows account? or similar? Could there not be an option to allow access if the user is a member of a certain AD group?

That way we could grant or deny access to KeePass databases via active directory groups, and becuase there is no password, employees can't 'Steal' the entire database if they leave!

No AD group membership = no kepass access!

It would be an AMAZING feature!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Geoff - 2013-04-18

...I'm sure groups have GUIDs like user accounts do?

Surley we could have a button to allow us to pic a group, then associate the kepass database with that instead of user guid?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2013-04-21

No, KeePass uses a key created by Windows. There is no equivalent for AD groups.

This has been suggested before and the recommended solution would be for someone to write a plug-in. No-one has attempted this AFAIK.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Richard Gunn - 2015-07-14

I can see a huge benefit for keepas to allow domain groups access. There isn't any other party that is as simple and useful as keepass right now, and adding domain req's would be huge.

I know for my company, 2,600 employee's, we would absolutely use the feature.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2015-07-15

Then fund its development via a plug-in.
You could try the MultiCertKeyProvider or use it as a template for a group membership key.
http://keepass.info/plugins.html#multicertkeyprov

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.