Door 1.0

Written by Chris Riggins, this arrangement should allow you to securely store as many passwords as you need in an encrypted file, not easily accessible to the general public.

The re-created version was slightly modified to use the more power- ful "mcrypt" tools, rather than the system-standard "crypt" tools. The arrangement has proved quite useful for our growing list of machines. (Naturally, this system can store more than just root passwords).

Contact Email: c_riggins01@yahoo.com

MIGHT REQUIRE: SUNWski package on Solaris 2.6 or Solaris 7. (Which will create a /dev/random). Preferrably run on Solaris 8, at least. Solaris 8 will require the /dev/random patch: 112396-02.

Install the following packages, easily available pre-compiled:

gcc (egcs-2.91.66) or greater
mhash-0.8.15 or greater
automake-1.6 or greater
glib-1.2.10 or greater

Then compile and install the following two packages, which need the above packages:

libmcrypt-2.5.3 or greater

• Add all known library directories to the LD_LIBRARY_PATH variable, or libmcrypt won't compile

  mcrypt-2.6.2 or greater

• Use the provided "build" script to compile the "passmenu" program, and optionally the "sample_(de)crypt" programs.

• Add the fully pathed "passmenu" binary to the "/etc/shells" file to allow logins directly to the password system.

• Add a link from /usr/local/lib/libmcrypt.so.4.3.3 (for instance) to /usr/lib/libmcrypt.so.4 (for instance), or "passmenu" won't work as a login shell.

• Set up a login account with "passmenu" as the shell, with all of the shell scripts in the home directory of the "passmenu" user. The tar ball should have created an ideal home-directory for "passmenu".

• Edit the sample_crypt.c, sample_decrypt.c, and passmenu.c programs to alter the hard-coded encryption key, used to obfuscate the contents of the file, ".key".

  NOTE: The hard-coded encryption password can be up to 20 characters long.
  NOTE: The encryption key, used to obfuscate the password file can be up to 16 characters long.

• Use the "sample_crypt" binary to create the file, ".key", eg.

     # ./sample_crypt
     keytext
     ^D
     #
  

• For the first use, after establishing your personal encryption key, run "passmenu", select "1:- Edit passwords", and then read in the sample-password.file included with this distribution.

  When ready to save, choose, "YES" to commit your changes, and ignore the error, caused because you are beginning from scratch.

• The ".passback" directory, beneath the "passmenu" home, will contain dated copies of older password files, in encrypted format, and can be used to recover lost passwords.

• The current encrypted password file will be called ".toolbox", and is stored in the home directory of the "passmenu" binary, as is the ".key" file.