Last year, I ran across this password manager at http://codecanyon.net/item/password-manager/2145518 but I haven't gotten around to try to install it yet.
Regards, Alisak. Alisak Sanavongsay Digital Assets Programmer http://library.ucmerced.edu 209.201.9073 asanavong...@ucmerced.edu On Mar 5, 2013, at 10:35 AM, Joe Hourcle <onei...@grace.nascom.nasa.gov> wrote: > On Mar 5, 2013, at 8:29 AM, Adam Constabaris wrote: > >> An option is to use a password management program (KeepassX is good because >> it is cross platform) to store the passwords on the shared drive, although >> of course you need to distribute the passphrase for it around. > > So years ago, when I worked for a university, they wanted us to put all of > the root passwords into an envelope, and give them to management to hold. > (we were a Solaris shop, so there actually were root passwords on the boxes, > but you had to connect from the console or su to be able to use 'em). > > We managed to drag our heels on it, and management forgot about it*, but I > had an idea ... > > What if there were a way to store the passwords similar to the secret formula > in Knight Rider? > > Yes, I know, it's an obscure geeky reference, and probably dates me. The > story went that the secret bullet-proof spray on coating wasn't held by any > one person; there were three people who each knew part of the formula, and > that any two of them had enough knowledge to make it. > > For needing 2 of 3 people, the process is simple -- divide it up into 3 > parts, and each person has a different missing bit. This doesn't work for 4 > people, though (either needing 2 people, or 3 people to complete it). > > You could probably do it for two or three classes of people (eg, you need 1 > sysadmin + 1 manager to unlock it), but I'm not sure if there's some method > to get an arbitrary "X of Y" people required to unlock. > > If anyone has ideas, send 'em to be off-list. (If other people want the > answer, I can aggregate / summarize the results, so I don't end up starting > yet another inappropriate out-of-control thread) > > ... > > Oh, and I was assuming that you'd be using PGP, using the public key to > encrypt the passwords, so that anyone could insert / update a password into > whatever drop box you had; it'd only be taking stuff out that would require > multiple people to combine efforts. > > -Joe > > > * or at least, they didn't bring it up again while I was still employed there. >