User Account Specification

Popular easy-to-use and secure password manager

Brought to you by: ronys

#409 User Account Specification

Status: open

Owner: Rony Shapiro

Labels: Interface Improvements (295)

Priority: 7

Updated: 2024-03-20

Created: 2007-07-18

Creator: SanMan_Lite

Private: No

I am looking into a few different utilities to manage passwords for a group of techs. I have bee using this utility for quite some time, but now have a need for additional functionality.

I would like to suggest that you include some type of account creation or access control (Maybe even LDAP or AD Integration) so that many people can be given access to use the passwords, but only a select few can make additions or changes to the safe.

With this functionality, my company would be willing to pay to license this product if that became necessary. Otherwise, I would at least pledge a donation myself.

Regards,
Steve

Discussion

Rony Shapiro - 2007-07-18

Logged In: YES
user_id=370700
Originator: NO

Interesting idea.

Even if I implement such functionality, what's to prevent an unauthorized user from using the "vanilla" version of PasswordSafe to make unauthorized changes to the safe?

Solving this problem requires modifications to the file format. I can do this for a fee, if you're interested.

Alternately, perhaps you can implement this level of access control via ACLs on the passwordsafe database file itself?

Cheers,

Rony
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SanMan_Lite - 2007-07-18

Logged In: YES
user_id=1846215
Originator: YES

I would suspect that implimenting a change of this type would also include making changes to the database structure itself to include the ACL that you specify within the GUI.

Setting ACLs on the DB file itself is usually how I accomplish this task. However, everyone that would be using this utility would then have rights (by virtue of having access to the passwords within the database) to change the ACL at their whim. So, in the longrun, this doesn't appear to be a very secure method.

As far as making changes for a fee, we would be willing to consider this as an option. Shoot me an e-mail with your proposal at slarabee@hunton.com and we can discuss this further.

Regards,
Steve

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

networkgeek - 2008-12-30

I would support the same kind of features that Steve is asking for. My organization needs a password manager that can handle multiple users, preferably using LDAP, RADUS, or MS Active Directory lookups. Additionally, different access levels would be useful.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

networkgeek - 2008-12-30

I forgot to add that I, too, would donate if my organization was unwilling to pay for licensing (which, if it's reasonably priced, they would do!).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Coldfirex - 2024-03-20

Is LDAP/AD support for users and groups something that is being looked at by chance?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.