Password Management?

First off what options are available?

We have a system with a couple hundred TP's all of which have multiple levels of security, which is all handled localled through the TP's password settings page.

We would like to move to a centrally managed password system. We have RMS partially implemented and are possibly adding more to that, is their any options with RMS for this?

Any and all thoughts are welcome.

-Paul

Comments

  • PhreaKPhreaK Senior Member Posts: 966
    There's nothing stock standard with this but you could technically use RMS as the password storage and implement something yourself. However, this is likely to be a pain as passwords will have to be managed on a per system basis and isn't exactly the most secure way to approach the situation.

    Alternatively you could authenticate against an LDAP server or similar (again, you'll have to roll something yourself for this).
  • Im interested in this idea of LDAP server or something similiar, could you elaborate more... What specifically are we talking here, is this just something to authentice in a secure means and passback a string we can parse to retreive a particular page or were you going a different direction.

    I appreciate you help and thoughts on this!

    RMS was just an idea because we have it partially implemented, but it wasn't used much by the user, so a new requirement is to almost fully implement all the features of it, so they will use it more; I don't have much time playing with it, so I wasn't sure if there was a quick(er) way of doing this for enterprise users in this situation.
  • champchamp Junior Member Posts: 261
    LDAP is definitely possible but my mind shuts down whenever I try to decipher RFCs.
    It is easier to reverse engineer the packets than understand the way the RFC boffins explain stuff.

    I know there is a company who sells an Active directory module for the oppositions product and AMX is much better at string handling, socket and task management when doing complex string handling so it is definitely possible for anyone who likes deciphering RFCs.
  • pdabrowskipdabrowski Aussie Guy Posts: 184
    Instead of trying to leverage LDAP in your code, why not try and create an auth ticket system based around the master sending the user/password combo through to a web server that replys with a string that sets a flag in the code. The transport can be HTTPS and you can even limit access to that webserver to IP's from known masters.

    Then, if you want to use LDAP you can use a module on the webserver to perform the query by acting as a gateway, this way you might be more successful as webserver <> LDAP stuff is known by more than just a few AMX gurus
  • ok, this seems like its maybe getting over my head...

    Can anybody tell me comparably, how secure communications would need to be, to match the local password holding protection built into the TP's? I'm not sure how easy this is to answer, but just in case someone has an idea.


    Does anyone have a recommened or common practice route... Something that isn't too exorbitant, afterall the local password's are only that passwords, there is no username to compare with, so my original thought was taking the user input password, and creating a simple encrption, possibly time based, and sending that to the master to decrypt and compare and just back a permission level that is in a similiar encryption type. Does this seem comparable to the TP's internal password holds..?

    Sometimes I wish netlinx could've been a more common language, I could make this in java or C++ without problem or concern, but the structure of netlinx makes it very hard... but then again im still learning and maybe this isn't a big deal to most of you guys.
  • jimmywjimmyw Junior Member Posts: 112
    I didn't realize people out there were looking for something like this, give me till Wednesday to clean up my module and I'll upload my password manager, it supports 49 users, 1 admin user, 4-8 digit passwords, and time based authentication, 1 thing I didn't ever finish 100% is limited use tokens. (maids etc)

    Jimmy
  • jimmyw wrote: »
    I didn't realize people out there were looking for something like this, give me till Wednesday to clean up my module and I'll upload my password manager, it supports 49 users, 1 admin user, 4-8 digit passwords, and time based authentication, 1 thing I didn't ever finish 100% is limited use tokens. (maids etc)

    Jimmy

    Jimmy, that would be amazing! No need to redesign the wheel, thanks!
  • Jimmy any updates on this by any chance? I excited to take a look and see if this will help us.


    thanks,
    Paul
  • jimmywjimmyw Junior Member Posts: 112
    Jimmy any updates on this by any chance?l

    Whoops! I spaced it, sorry, I'll bust it out tonight while I pretend to watch American idol.

    Jimmy
  • Jim DonachiueJim Donachiue Junior Member Posts: 82
    I would be interested as well

    I would be interested as well.
    I am just starting out with AMX, been doing Win Apps with C++, C#, and Delphi for 15+ yrs and this stuff is like learning all over again.
    jimmyw wrote: »
    Whoops! I spaced it, sorry, I'll bust it out tonight while I pretend to watch American idol.

    Jimmy
  • I would be interested as well.
    I am just starting out with AMX, been doing Win Apps with C++, C#, and Delphi for 15+ yrs and this stuff is like learning all over again.

    Yeah it is... im a year in and on prog 2... and tossed into some of the biggest AMX installs in the US, possible the world, so I feel your pain. I also come from a C++ and Java (alil C# too), CS background, and this is worlds apart as far as rules and semantics go.
  • jimmyw wrote: »
    Whoops! I spaced it, sorry, I'll bust it out tonight while I pretend to watch American idol.

    Jimmy

    hahah, no worries. Thanks for offering it! I look forward to (and *hoping* it fits our needs and) using it.
  • Jim DonachiueJim Donachiue Junior Member Posts: 82
    Yeah it is... im a year in and on prog 2... and tossed into some of the biggest AMX installs in the US, possible the world, so I feel your pain. I also come from a C++ and Java (alil C# too), CS background, and this is worlds apart as far as rules and semantics go.

    I can certainly see where NetLinx could seriously benefit from classes and any number of other other standard language features. I have been trying to get the TP4 file structure from AMX so that I can write a simple interface to set Property Values quickly. I am working with mostly professionally designed Panels and really only need to go through and set the Programming Properties. If the Panel Buttons are named appropriately is would be easy to go through and set values quickly with a better interface. I could even add functionality to set sequential values in one fell swoop. Have not heard back from them yet. I just finished Programming I (SharpsAV paid for me to go down, it is winter in Calgary...LOL) in Dallas Texas with Caroline Bjorkquist. I have been nagging her to put me in contact with someone who can help me...
  • Lets take setting properties to the next step, how about creating objects ie. buttons through code and then addressing them dynamically.

    Have an arraylist of button objects, so you could access them, add, remove, alter them all through your code. Its great to visually create a program, but if both worked together like other languages, how nice would that be!?

    I do enjoy using googles visual editor with java in eclipse, but nothing beats hoping between the two willy nilly... I'll create a basic gui and then go tweak it in the code to do exactly what I want, and then see it instantly within the editor, at the flip of a tab.


    ... now that is where my fantasies bring me!
  • Jim DonachiueJim Donachiue Junior Member Posts: 82
    Ahh, yes fantasies...

    Having objects to work with would be great.
    I have been looking into ********'s IDE's and I see a lot of things that will work better than AMX's.
    Especially the Core 3 UI programming - much slicker than TPD4.
  • jweatherjweather Junior Member Posts: 320
    I could even add functionality to set sequential values in one fell swoop.

    Maybe you should learn the tools you have before you rewrite them... select a range of buttons in order with SHIFT, then hit F8 for power assign.
  • John NagyJohn Nagy CineTouch Product Manager Posts: 1,501
    LDAP

    One should note that the new generation of firmware (V4) that is in the newest 256meg 4100's has native support for LDAP. So the notes say anyway.

    And I believe you have been able to dynamically create buttons via programming for many years now.
  • Jim DonachiueJim Donachiue Junior Member Posts: 82
    jweather wrote: »
    Maybe you should learn the tools you have before you rewrite them... select a range of buttons in order with SHIFT, then hit F8 for power assign.

    Thanks jweather for the insight,
    I know I can do that.
    I am just saying there are many things I could do, faster, if I had the format of the TP4 file.
  • jimmyw wrote: »
    I didn't realize people out there were looking for something like this, give me till Wednesday to clean up my module and I'll upload my password manager, it supports 49 users, 1 admin user, 4-8 digit passwords, and time based authentication, 1 thing I didn't ever finish 100% is limited use tokens. (maids etc)

    Jimmy

    Jimmy, have you had a chance to look at this again? I am getting closer to needing to implement a solution and am hoping I can work with yours.


    Let me know if you still plan on posting this, or if you would prefer to email me it.

    Thanks again,
    Paul
  • rorrrorr Junior Member Posts: 5
    Any updates?

    I would love to add this functionality to my projects, any news on posting this mod jimmyw?
Sign In or Register to comment.