I'm using Password Safe since yesterday :), a kind of tool I was always looking for. However, I would like to use it as an ultimate password management tool for all admins. For that it would be nice to have some features in order to prevent information leakage and also an integrity prevention. It would be nice to be able to protect groups with passwords. Also a change of specific passwords. It would be nice to know if there is a need for these two things (or some more) outthere?
Are you proposing an enterprise Password Safe - one instance accessible by many but restricted to their views by their logon ID group?
By integrity prevention, do you mean an audit trail showing Who did what when?
Not being the developer myself, but I would think you're looking at a major re-write $$$$$.
I don't think CA even has gone that far in security management, have they?
> Are you proposing an enterprise Password Safe -
> one instance accessible by many but restricted to
> their views by their logon ID group?
The problem we have now is that we have too many passwords (~50) at different security levels, which all should be possibly good. No way to remembering all of them. We want to manage and distribute passwords centrally. One file which would be mailed around whenever a password has been created or reset would be nice. If we could password protect the groups then we could send the file also to our apprentices without considerations they could access systems they shouldn't.
> By integrity prevention, do you mean an audit trail
> showing Who did what when?
No, sorry, I mean simply to deny or password protect the write access for now.
> Not being the developer myself, but I would think
> you're looking at a major re-write $$$$$.
Interesting ideas. If I were developing PasswordSafe as a commercial product, I'd certainly look into these areas.
I'd like to keep PasswordSafe focused on the individual user, though. Making it more enterprise-oriented would come at the expense of the individual, in terms of complexity and code size.
Lately (in 2.08) I've added protection against multiple read-write access, since this is useful also for the single user who inadvertantly opens the same database twice. This is also useful for a network-based database used by several administrators.
I'm not sure I fully understood your specific requirements, but I would consider implementing the partitioning you need by means of several small databases, e.g., one for each group.
Of course, you're more than welcome to implement the functionality you require using the PasswordSafe code base. Perhaps we can spilt off a separate admin or multi-user product...
> Of course, you're more than welcome to implement the
> functionality you require using the PasswordSafe code
> base. Perhaps we can spilt off a separate admin or
> multi-user product...
Oh I'd love to if I could. However, at the moment I have only limited C skills and good shell, perl, python and php skills. Typically admin, one may say ;) . It is definatelly a long term goal of mine to learn better programming but for now I must concede having not enough time and will leaving my guitars to spend more time alone that they allready do ;).
An obvious workaround is to create a database for each group.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.