SLAC CPE Software Engineering Group
 

Simple Password Server Configuration



24-Aug-2010


The simple password server is a way to get passwords securely.

We chose the physics account because our privileged users already have access to it. I created a .private directory in the /home/physics/.ssh directory to store the files. Root has access to the sensitive files, while physics can read the encrypted file to decode the password.

[physics@mccfs2 ~/.ssh/.private]$ ls -la
total 24
-r-------- 1 root root 707 Jun 15 13:51 .cdpwds_clear
-r-------- 1 physics lcls 728 Jun 15 13:51 .cdpwds_enc
-rwx------ 1 root root 492 Jun 8 08:16 encrypt_pwds
-rwx------ 1 physics lcls 1552 Jun 8 08:22 gimmePwd

.cdpwds_clear  - cleartext passwords, readable only by root

.cdpwds_enc    - encrypted version of the password file, readable by physics

encrypt_pwds   - creates .cdpwds_enc from .cdpwds_clear; must be root

gimmePwd       - gets the password for a user; must run as the physics account
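
The following is an added example, not part of the original page or of the SLAC tooling: a shell audit that compares the four files against the owners and modes shown in the listing above and reports any drift. The function names and the optional owner arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the .private directory against the ls -la listing above.
# Expected modes and owners are copied from that listing; the function names
# and the optional owner arguments are assumptions of this example.

# Print "<octal mode> <owner>" for a path (GNU stat first, BSD stat fallback).
mode_owner() {
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# check_entry PATH MODE OWNER
# Returns 0 if PATH exists with exactly MODE and OWNER, else reports and returns 1.
check_entry() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    actual=$(mode_owner "$1") || return 1
    if [ "$actual" != "$2 $3" ]; then
        echo "DRIFT    $1: expected '$2 $3', found '$actual'"
        return 1
    fi
    echo "OK       $1"
}

# audit_private_dir DIR [ROOT_USER] [APP_USER]
# Checks all four documented files; owners default to the accounts on the page.
audit_private_dir() {
    dir=$1
    root_user=${2:-root}
    app_user=${3:-physics}
    rc=0
    check_entry "$dir/.cdpwds_clear" 400 "$root_user" || rc=1
    check_entry "$dir/.cdpwds_enc"   400 "$app_user"  || rc=1
    check_entry "$dir/encrypt_pwds"  700 "$root_user" || rc=1
    check_entry "$dir/gimmePwd"      700 "$app_user"  || rc=1
    return $rc
}

# Example: audit_private_dir /home/physics/.ssh/.private
```

A non-zero exit status means at least one file is missing or has a different owner or mode than the listing shows, for example a cleartext file that has become group- or world-readable.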

Document:  Simple Password Server

 

         


Created by Ken Brobeck and Jingchen Zhou on July 02, 2007.