2004.03_Charly,S Column-Pwmanager-Less Passwords to Remember.pdf

Charly’s column

SYSADMIN

Forget-me-not

Now, was it D§65sZ%a or possibly

O?e2Tu%L ? The average admin will

tend to forget most of her passwords

during a 14 day holiday. If you are not

into mind mapping, and want to

avoid writing your passwords down,

you need a software safe.

BY CHARLY KÜHNAST

Figure 1: The PwManager user is prompted to enter the master password before storing the password list.

short. They should not be dictio-

nary words, and they should use

a combination of small and capital

letters, numbers, and non-standard char-

acters. If you are a genius, or only log on

to a single machine – and possibly your

Ebay account –, feel free to skip this

page and carry on reading the rest of the

magazine.

For the others – especially admins who

manage a whole farm of computers, just

like I do – there is always the temptation

to write down your passwords on a scrap

of paper which you put in your purse or

your pocket. And that almost puts you

on a par with the little old lady I met at

my local bank the other day. She was

standing in front of the cash dispenser,

and looked puzzled.

Little old lady: “Oh dear, now how do I

get at that secret number?”

Charly: “Have you forgotten your

code?”

Little old lady: “No, I wrote it on my

card, but the card’s in the machine

now!”

word. Removing that piece of paper from

my purse, and feeding it to the document

shredder, certainly made me feel good.

Safe GUI

This conversation brought home to me

that I needed a password safe myself –

not a steel safe, mind you, but a software

solution. Some kind of file that stored all

my passwords and used a master pass-

word to protect them. My research

showed that there were many “safe solu-

tions” of this type. But what I liked about

PwManager [1] was the fact that it only

needed the Libxml2, Libbzip2 and Zlib

libraries, no matter whether I opted for

the tarball, source or binary RPM. Good,

sensible libraries. And it was easy to

compile and install the program.

PwManager provides a neat X11 GUI

interface for password entry, and orga-

nizes your passwords in categories.

There are also a few functions for sorting

and quickly locating passwords. When

you attempt to store your password list,

PwManager prompts you for a master

password (see Figure 1) and uses Blow-

fish to encrypt the file before storing it.

If I need to retrieve a password from

the safe, I simply use PwManager to load

my password file. The program prompts

me for the master password, and then

lets me search the list for the magic

À la Card

With a card reader and Libchipcard

installed, you can assign the master

password function to a chip card. Enable

the --enable-keycard configure option

when compiling PwManager.

However, using a single file to provide

access to multiple accounts constitutes a

single point of failure. That is real trou-

ble if someone hacks my PwManager

machine, or if I forget the master pass-

word, lose the chip card, or destroy the

password file. I use a tape backup to pro-

tect against the latter case.

■

INFO

[1] PwManager: http://passwordmanager.

sourceforge.net

SYSADMIN

Charly Kühnast is a

Unix System Manager

at the data- center in

Moers, near Germany’s

famous River Rhine. His

tasks include ensuring

firewall security and

availability and taking care of the

DMZ (demilitarized zone).

Kernel 2.6 Installation ........ 60

Follow our guide to installing the latest sta-

ble kernel release and gain all the features.

Admin Workshop ................... 64

Using the system logging daemon to keep a

track of all your system messages.

www.linux-magazine.com

March 2004

The Sysadmin’s Daily Grind: PwManager

G ood passwords should not be too

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: