On Wed, 2009-11-18 at 20:49 -0800, Darren Bolding wrote: > Pwman ...which has the HUGE advantage of being CLI (so useable over SSH sessions from network devices) and has tagging for searching large databases of passes. pwman3 is current version. For most OSs. I've even used it looped through a multitude of nested VTY+SSH+screen sessions - one of which was a Dropbear sshd and client on a 20$ plastic CPE - to save my sorry *ss
For GUIs:- Keepassx for most OSs, and Keepass2.x on MS Windows Password Gorilla is a nice one for end-users, most OSs Bruce's Passwordsafe format is a somewhat de-facto standard for import/export. Keepass can do a lot of conversion for you. Some shops use rsync top distribute the masters and set them readonly at filesystem - level though this tends to preclude regular rotation and updating. Beware that some of the commercial offerings are trivially broken or otherwise borked for "work" use. ymmv Whatever you use dump the file to a flat file (crypted of course) and save a statically linked version of the app for those "wow - what password app did we use way back in 2001?" moments. Print a copy every month or so and store securely offsite too - all the usual caveats apply. Once you have a super-duper app for them you tend to crank the pw complexity up to a level where no-one can remember anything nor even recognise regular ones; it's mainly cut and paste, especially if you use X. Unless of course, the OP meant RADIUS pulling on LDAP, PAM, etc ? Gord -- rommon 3 > You have reached the gateway of last resort. Abandon hope all ye who press enter here
smime.p7s
Description: S/MIME cryptographic signature