[Mageia-sysadm] sharing account access data

nicolas vigier boklm at mars-attacks.org
Fri Feb 15 16:33:14 CET 2013


On Fri, 15 Feb 2013, Pascal Terjan wrote:

> On Fri, Feb 15, 2013 at 11:52 AM, nicolas vigier <boklm at mars-attacks.org> wrote:
> 
> > On Fri, 15 Feb 2013, Pascal Terjan wrote:
> >
> > > On Fri, Feb 15, 2013 at 11:24 AM, nicolas vigier <boklm at mars-attacks.org> wrote:
> > >
> > > > On Fri, 15 Feb 2013, Romain d'Alverny wrote:
> > > >
> > > > > Is there a tool/place (or plan to have it) to store and share account
> > > > > data to various services (blogs, twitter, flickr, hosting services,
> > > > > etc.)?
> > > > >
> > > > > A restricted wiki, or something that could handle groups?
> > > >
> > > > Not yet. But we could store on svn a file containing passwords,
> > > > encrypted with gpg. Each team can create a gpg key and share it
> > > > between all team members, and encrypt the passwords file with this key.
> > > >
> > > I'm sure a better system has to exist, where you can revoke access for
> > > example :)
> >
> > Do you know one ?
> 
> 
> No but we can try to find one :)

I tried to find one before, but didn't find anything good. I was
thinking about making some scripts for that, but it's not high priority.
So using something simple like a shared gpg key would maybe be enough
for now.

> Actually if the svn repository is not readable by people not in a given
> group that allows revoking access even if they still have a copy of the
> master key, but still in security/cryptography world I don't like
> reinventing things :)

Maybe some systems allow revoking access, but nothing prevents that
person from keeping a copy of all passwords before his access is
revoked. So the only reliable way to revoke access is to change all
passwords.

If using a shared gpg key, to revoke access for someone we need to start
using a new key and change all passwords. That's not very convenient,
but hopefully we don't need to do that often.


