Managing credentials...

General Discussion about LDAP Administrator

Moderator: Support

Managing credentials...

Postby bannor4023 » Wed Apr 18, 2007 2:49 pm

Softerra's LDAP Administrator help text regarding credential management reads:

"Credentials that you use with LDAP Administrator to establish authorized connection to protected LDAP resources, are stored in a centralized location and thus available via Credentials Manager."

Where (and how) are the credentials stored?
Are they encrypted individually, as part of the license?
What controls are in place to ensure the central store cannot be used by another workstation (IF it is somehow copied over)?

My questions are concerning the possible mismanagement of the centrally localized credential store and whether or not it could be transferred to another desktop and used.
bannor4023
 
Posts: 2
Joined: Wed Apr 18, 2007 1:30 pm

Postby Support » Thu Apr 19, 2007 11:57 am

Where (and how) are the credentials stored?

They are stored in the configuration file called metabase.stg.
Are they encrypted individually, as part of the license?

Yes, they are encrypted. License is not involved in the credentials encryption.
What controls are in place to ensure the central store cannot be used by another workstation (IF it is somehow copied over)?

The main control is enforced by your OS which does not allow other users to read current user Local Application Data folder.
My questions are concerning the possible mismanagement of the centrally localized credential store and whether or not it could be transferred to another desktop and used.

Word 'central' probably was not the best option to describe this subsystem. It was meant to say that different parts of LDAP Administrator application work with credentials via central repository. Each user operates his/her own copy of metabase have no access to others' people settings.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Follow-up question.

Postby bannor4023 » Fri Apr 20, 2007 6:36 pm

Is there a way to disable the user's ability "Save password"?

We are concerned with the portability of the metabase.stg file. The fact that it can be transferred to any workstation with all profiles and saved Bind DN passwords regardless of licensing poses a security risk [to us].

You might consider encrypting this file based on the permanent license key. This would keep it from being copied/transferred to an unauthorized install.
bannor4023
 
Posts: 2
Joined: Wed Apr 18, 2007 1:30 pm

Postby Support » Mon Apr 23, 2007 9:30 am

Is there a way to disable the user's ability "Save password"?

At the moment it's impossible.
You might consider encrypting this file based on the permanent license key. This would keep it from being copied/transferred to an unauthorized install.

We've added this feature to our TODO list for version 4.0. Thank you for your suggestion.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 1 guest

cron