Softerra's LDAP Administrator help text regarding credential management reads:
"Credentials that you use with LDAP Administrator to establish authorized connection to protected LDAP resources, are stored in a centralized location and thus available via Credentials Manager."
Where (and how) are the credentials stored?
Are they encrypted individually, as part of the license?
What controls are in place to ensure the central store cannot be used by another workstation (IF it is somehow copied over)?
My questions are concerning the possible mismanagement of the centrally localized credential store and whether or not it could be transferred to another desktop and used.
Managing credentials...
Moderator: Support
4 posts
• Page 1 of 1
Managing credentials...
by bannor4023 » Wed Apr 18, 2007 2:49 pm
- bannor4023
- Posts: 2
- Joined: Wed Apr 18, 2007 1:30 pm
by Support » Thu Apr 19, 2007 11:57 am
Where (and how) are the credentials stored?
They are stored in the configuration file called metabase.stg.
Are they encrypted individually, as part of the license?
Yes, they are encrypted. License is not involved in the credentials encryption.
What controls are in place to ensure the central store cannot be used by another workstation (IF it is somehow copied over)?
The main control is enforced by your OS which does not allow other users to read current user Local Application Data folder.
My questions are concerning the possible mismanagement of the centrally localized credential store and whether or not it could be transferred to another desktop and used.
Word 'central' probably was not the best option to describe this subsystem. It was meant to say that different parts of LDAP Administrator application work with credentials via central repository. Each user operates his/her own copy of metabase have no access to others' people settings.
- Support
- Posts: 896
- Joined: Sun Aug 12, 2001 12:00 am
Follow-up question.
by bannor4023 » Fri Apr 20, 2007 6:36 pm
Is there a way to disable the user's ability "Save password"?
We are concerned with the portability of the metabase.stg file. The fact that it can be transferred to any workstation with all profiles and saved Bind DN passwords regardless of licensing poses a security risk [to us].
You might consider encrypting this file based on the permanent license key. This would keep it from being copied/transferred to an unauthorized install.
We are concerned with the portability of the metabase.stg file. The fact that it can be transferred to any workstation with all profiles and saved Bind DN passwords regardless of licensing poses a security risk [to us].
You might consider encrypting this file based on the permanent license key. This would keep it from being copied/transferred to an unauthorized install.
- bannor4023
- Posts: 2
- Joined: Wed Apr 18, 2007 1:30 pm
by Support » Mon Apr 23, 2007 9:30 am
Is there a way to disable the user's ability "Save password"?
At the moment it's impossible.
You might consider encrypting this file based on the permanent license key. This would keep it from being copied/transferred to an unauthorized install.
We've added this feature to our TODO list for version 4.0. Thank you for your suggestion.
- Support
- Posts: 896
- Joined: Sun Aug 12, 2001 12:00 am
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest
