LinuxQuestions.org
Old 09-18-2009, 07:10 AM   #1
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Rep: Reputation: 78
keyring/password manager for script use


Hi all,

I have now a script that needs the user password and username to retrieve a webpage from another server.
For now the username and password are stored in the script itself and it has 700 as permissions.

I would now like to put that password in some sort of password manager/keyring. So I want to be able to retrieve the password for the server while only giving the unlock password once every day, for example (so the user does not have to give the password every time).

Does anyone have an idea what I can use for this? I want to control it from the command line.
So it can be automated and the user will only be asked for the keyring/password manager password when necessary.

Last edited by deadeyes; 09-18-2009 at 07:18 AM.
 
Old 09-18-2009, 07:48 AM   #2
paulo.monk
LQ Newbie
 
Registered: Dec 2008
Posts: 19

Rep: Reputation: 0
Which desktop environment?
The solution may depend on the complexity you want to apply.
If you want a "not so beautiful" solution, you could store the md5 or pgp hash of the pair [login - password] in some file - but that's far from the ideal scenario. If multiple users are gonna log in through this method, you could install some small database system, like mysql, and use the same or a similar technique.

If you want to make a more integrated and robust solution, another suggestion could be to look for gnome-keyring documentation (if gnome is the DE of your choice) and make your app interact directly with it (some C programming should be necessary). The disadvantage is that your solution would be hard linked to gnome (if you want a more wide solution, test what the actual desktop environment is and take the necessary actions depending on it: interact with specific keyring managers, etc).
Take a look at this post for some previous discussion.

http://ubuntuforums.org/archive/inde...t-1086490.html

Hope it helped. At least for an initial brain storm process.
 
Old 09-18-2009, 07:53 AM   #3
paulo.monk
LQ Newbie
 
Registered: Dec 2008
Posts: 19

Rep: Reputation: 0
Hey..

If you want an authentication system to access some webapp, why not use your http server authentication capabilities?

You should give some more information, actually.

:P
 
Old 09-18-2009, 08:16 AM   #4
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Original Poster
Rep: Reputation: 78
Quote:
Which desktop environment?
The solution may depend on the complexity you want to apply.
If you want a "not so beautiful" solution, you could store the md5 or pgp hash of the pair [login - password] in some file - but that's far from the ideal scenario. If multiple users are gonna log in through this method, you could install some small database system, like mysql, and use the same or a similar technique.

If you want to make a more integrated and robust solution, another suggestion could be to look for gnome-keyring documentation (if gnome is the DE of your choice) and make your app interact directly with it (some C programming should be necessary). The disadvantage is that your solution would be hard linked to gnome (if you want a more wide solution, test what the actual desktop environment is and take the necessary actions depending on it: interact with specific keyring managers, etc).
Take a look at this post for some previous discussion.

http://ubuntuforums.org/archive/inde...t-1086490.html

Hope it helped. At least for an initial brain storm process.
I try to get this as independent as possible (to get low dependencies and in this way increase the portability). But if necessary gnome-keyring or kde can be installed to get this working.
As long as I can manage it through a script (or in worst case, using C/C++; note that I want to keep the implementation as open, as in easy to access/maintain/update/improve, as possible).

I will take a look at the link provided. Thanks!

Quote:
Originally Posted by paulo.monk View Post
Hey..

If you want an authentication system to access some webapp, why not use your http server authentication capabilities?

You should give some more information, actually.

:P
I think you don't understand what I mean (and that can surely be because of me).
My script does use the http server authentication.
But I don't want the users of the script to have to type the password of the webserver over and over again (as this gets used a hundred times a day or more). And I don't want it in a clear text file. So what I want is that the first time of that day, the user uses his password for the key manager. After that the password for the webservice can be retrieved without user intervention (aka by the script) and used to retrieve some resources.


Maybe this can help. The authentication of the webserver uses an AD server to check if your request is valid.
Maybe there is a way with kerberos or something to also authenticate with the AD so that I can then retrieve the webpage without any credentials (but I could not yet find a way how this should work with passing the ticket to the webserver to show you are allowed there).


Thanks for your help!
 
Old 09-18-2009, 08:50 AM   #5
paulo.monk
LQ Newbie
 
Registered: Dec 2008
Posts: 19

Rep: Reputation: 0
In http://ubuntuforums.org/archive/index.php/t-320308.html, one guy (the first reply) talks about pam-keyring.
Actually, I have to say sorry, because I've never interacted with keyring managers from a developer or sysadmin perspective, so I'm trying to help and learning at the same time.

:P

Back to pam-keyring. As I read it, there's no need to work directly with gnome or another specific keyring. It looks to me that gnome, kde and other graphical keyrings only interact with it. So you could communicate with it directly (by shell scripting, as I can see from the last post I sent - no need to use C/C++).

I guess you will only have problems with systems that are not pam-based, like my loved slackware #). But that's worth some google searching.

I'm gonna make a more profound search and give you some return.
 
Old 09-18-2009, 09:13 AM   #6
paulo.monk
LQ Newbie
 
Registered: Dec 2008
Posts: 19

Rep: Reputation: 0
I'm having problems looking for info about libpam-keyring. Looks like there's very little (and hidden Oo) documentation about this.

As a last resort, you should consider looking for a third-party password manager. It's always healthy to have a plan B.
The best option I saw was Password Gorilla (GPL). Apparently it uses the blowfish algorithm and doesn't need to be installed to run.

I would try to find some info about pam-keyring and, after that, look for interactions with a specific DE's keyring (gnome, kde, etc). I'm sure that there's good documentation for these last mentioned. It will possibly add some complexity to the solution's implementation, but it seems to me the cleaner and more direct option.
 
Old 09-18-2009, 10:27 AM   #7
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by paulo.monk View Post
I'm having problems looking for info about libpam-keyring. Looks like there's very little (and hidden Oo) documentation about this.

As a last resort, you should consider looking for a third-party password manager. It's always healthy to have a plan B.
The best option I saw was Password Gorilla (GPL). Apparently it uses the blowfish algorithm and doesn't need to be installed to run.

I would try to find some info about pam-keyring and, after that, look for interactions with a specific DE's keyring (gnome, kde, etc). I'm sure that there's good documentation for these last mentioned. It will possibly add some complexity to the solution's implementation, but it seems to me the cleaner and more direct option.
Thanks a lot for your great effort.
I will take a look if I can use pam-keyring.

The Password Gorilla tool does not seem to be appropriate in this case as it doesn't seem to be scriptable.

I'll keep this thread up to date.
 
Old 09-18-2009, 03:15 PM   #8
jgombos
Member
 
Registered: Jul 2003
Posts: 256

Rep: Reputation: 32
Check out pwsafe. It's a command line tool for managing passwords. It uses the de facto password safe file format which I believe Bruce Schneier invented.. or at least endorses. Your script can simply call pwsafe. You have the option of grabbing the password from stdout, or having it placed on the clipboard.
 
Old 09-19-2009, 08:23 AM   #9
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by jgombos View Post
Check out pwsafe. It's a command line tool for managing passwords. It uses the de facto password safe file format which I believe Bruce Schneier invented.. or at least endorses. Your script can simply call pwsafe. You have the option of grabbing the password from stdout, or having it placed on the clipboard.
I am not sure, but I probably have to type the password of the password-db each time I want to access it. And that is what I do not want. Or for example that I have to give it each hour, and not each time I want to access it.
 
Old 09-20-2009, 07:12 AM   #10
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Original Poster
Rep: Reputation: 78
I found this and I think it is what I need:
http://www.gentoo-wiki.info/HOWTO_Us...SH_passphrases

There is some C code there.
How to compile it is also on the page.
 
Old 09-20-2009, 08:14 AM   #11
jgombos
Member
 
Registered: Jul 2003
Posts: 256

Rep: Reputation: 32
Quote:
Originally Posted by deadeyes View Post
I am not sure, but I probably have to type the password of the password-db each time I want to access it. And that is what I do not want. Or for example that I have to give it each hour, and not each time I want to access it.
It's text based and runs on the commandline, so your script can easily enter the master password.
 
Old 09-21-2009, 03:19 AM   #12
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by jgombos View Post
It's text based and runs on the commandline, so your script can easily enter the master password.
True, but what is the use then? I don't want the password in a file. And I don't want the user to have to type it in over and over again each time he uses the tool.
 
Old 09-21-2009, 08:41 PM   #13
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028
I think you need to write a small server, that you start at the beginning of the day, and pass the password to. It then stores it in mem, then the client app calls the server for the website passwd before calling the website.

A similar but different approach would be ssh-agent+ssh tunnelling to the website.
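
An added sketch of the small in-memory server described in the post above (not code from the thread or from any project): the agent holds the password only in memory, serves it over a Unix socket created with mode 0600, and refuses once a time limit has passed. The class and function names, the one-line `OK`/`ERR` reply format and the sample password are all constructed for this illustration.

```python
import os, socket, tempfile, threading, time

class CredentialAgent:
    """Holds one secret in memory and serves it over a Unix socket until it expires."""
    def __init__(self, sock_path, secret, ttl_seconds):
        self.sock_path = sock_path
        self._secret = secret
        self._expires = time.monotonic() + ttl_seconds
        self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        old_umask = os.umask(0o177)          # socket file is created 0600
        try:
            self._srv.bind(sock_path)
        finally:
            os.umask(old_umask)
        self._srv.listen(4)

    def serve_once(self):
        conn, _ = self._srv.accept()
        with conn:
            if time.monotonic() >= self._expires:
                self._secret = None          # drop the reference once expired
                conn.sendall(b"ERR expired\n")
            else:
                conn.sendall(b"OK " + self._secret.encode() + b"\n")

    def close(self):
        self._srv.close()
        os.unlink(self.sock_path)

def fetch_secret(sock_path):
    """Client side: return the secret, or None if the agent says it expired."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        reply = c.makefile("rb").readline().rstrip(b"\n")
    status, _, value = reply.partition(b" ")
    return value.decode() if status == b"OK" else None

def demo(ttl_seconds):
    """Start an agent in a private temp dir, make one request, return the result."""
    workdir = tempfile.mkdtemp()             # mkdtemp creates the directory 0700
    path = os.path.join(workdir, "agent.sock")
    agent = CredentialAgent(path, "constructed-sample-password", ttl_seconds)
    mode = os.stat(path).st_mode & 0o777     # permissions other users would see
    t = threading.Thread(target=agent.serve_once)
    t.start()
    result = fetch_secret(path)
    t.join()
    agent.close()
    os.rmdir(workdir)
    return result, mode
```

In real use the agent would read the password once with `getpass.getpass()` at start-up and loop on `serve_once()`; on Linux it can additionally check the caller's UID through `SO_PEERCRED` before answering.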
 
Old 09-22-2009, 04:12 AM   #14
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by chrism01 View Post
I think you need to write a small server, that you start at the beginning of the day, and pass the password to. It then stores it in mem, then the client app calls the server for the website passwd before calling the website.

A similar but different approach would be ssh-agent+ssh tunnelling to the website.
Thanks for your input!
That is also an option. However, I would like to use existing solutions as much as possible.
So I think the way to go here is with a keyring manager (or kwallet for KDE).
I found a piece of code on the following site that allows me to access the keyring from the command line. Maybe I can program a little more so that I don't need any GUI at all.
 
  

