A root password storage system.
Written by Chris Riggins, this arrangement should allow you to securely
store as many passwords as you need in an encrypted file, not easily
accessible to the general public.
The re-created version was slightly modified to use the more power-
ful "mcrypt" tools, rather than the system-standard "crypt" tools. The
arrangement has proved quite useful for our growing list of machines.
(Naturally, this system can store more than just root passwords).
Contact Email: firstname.lastname@example.org
MIGHT REQUIRE: SUNWski package on Solaris 2.6 or Solaris 7. (Which will
create a /dev/random). Preferrably run on Solaris 8, at
least. Solaris 8 will require the /dev/random patch:
Install the following packages, easily available pre-compiled:
gcc (egcs-2.91.66) or greater
mhash-0.8.15 or greater
automake-1.6 or greater
glib-1.2.10 or greater
Then compile and install the following two packages, which need the above
libmcrypt-2.5.3 or greater
This page last update April 18, 2003
- Add all known library directories to the LD_LIBRARY_PATH variable, or
libmcrypt won't compile
mcrypt-2.6.2 or greater
- Use the provided "build" script to compile the "passmenu" program,
and optionally the "sample_(de)crypt" programs.
- Add the fully pathed "passmenu" binary to the "/etc/shells" file to
allow logins directly to the password system.
- Add a link from /usr/local/lib/libmcrypt.so.4.3.3 (for instance) to
/usr/lib/libmcrypt.so.4 (for instance), or "passmenu" won't work as
a login shell.
- Set up a login account with "passmenu" as the shell, with all of the
shell scripts in the home directory of the "passmenu" user. The tar
ball should have created an ideal home-directory for "passmenu".
- Edit the sample_crypt.c, sample_decrypt.c, and passmenu.c programs
to alter the hard-coded encryption key, used to obfuscate the contents
of the file, ".key".
NOTE: The hard-coded encryption password can be up to 20 characters
NOTE: The encryption key, used to obfuscate the password file can
be up to 16 characters long.
- Use the "sample_crypt" binary to create the file, ".key", eg.
- For the first use, after establishing your personal encryption key,
run "passmenu", select "1:- Edit passwords", and then read in the
sample-password.file included with this distribution.
When ready to save, choose, "YES" to commit your changes, and ignore
the error, caused because you are beginning from scratch.
- The ".passback" directory, beneath the "passmenu" home, will contain
dated copies of older password files, in encrypted format, and can be
used to recover lost passwords.
- The current encrypted password file will be called ".toolbox", and is
stored in the home directory of the "passmenu" binary, as is the ".key"