[Mageia-sysadm] sharing account access data

Pascal Terjan pterjan at gmail.com
Fri Feb 15 16:45:48 CET 2013


On Fri, Feb 15, 2013 at 3:33 PM, nicolas vigier <boklm at mars-attacks.org> wrote:

> On Fri, 15 Feb 2013, Pascal Terjan wrote:
>
> > On Fri, Feb 15, 2013 at 11:52 AM, nicolas vigier <boklm at mars-attacks.org
> >wrote:
> >
> > > On Fri, 15 Feb 2013, Pascal Terjan wrote:
> > >
> > > > On Fri, Feb 15, 2013 at 11:24 AM, nicolas vigier <
> boklm at mars-attacks.org
> > > >wrote:
> > > >
> > > > > On Fri, 15 Feb 2013, Romain d'Alverny wrote:
> > > > >
> > > > > > Is there a tool/place (or plan to have it) to store and share
> account
> > > > > > data to various services (blogs, twitter, flickr, hosting
> services,
> > > > > > etc.)?
> > > > > >
> > > > > > A restricted wiki, or something that could handle groups?
> > > > >
> > > > > Not yet. But we could store on svn a file containing passwords,
> > > encrypted
> > > > > with gpg. Each team can create a gpg key and share it between all
> team
> > > > > members, and encrypt the passwords file with this key.
> > > > >
> > > > > > I'm sure a better system has to exist, where you can revoke access
> for
> > > > example :)
> > >
> > > Do you know one?
> >
> >
> > No but we can try to find one :)
>
> I tried to find one before, but didn't find something good. I was
> thinking about making some scripts for that, but it's not high priority.
> So using something simple like a shared gpg key would maybe be enough
> for now.
>
> > Actually if the svn repository is not readable by people not in a given
> > group that allows revoking access even if they still have a copy of the
> > master key, but still in security/cryptography world I don't like
> > reinventing things :)
>
> Maybe some systems allow revoking access, but nothing prevents that
> person from keeping a copy of all passwords before his access is
> revoked. So the only reliable way to revoke access is to change all
> passwords.
>


> If using a shared gpg key, to revoke access for someone we need to start
> using a new key and change all passwords. That's not very convenient,
> but hopefully we don't need to do that often.


Yes, my problem was with the need to change the key when someone leaves the
team.