21 Aug
2015
21 Aug
'15
11:53 p.m.
On Fri, Aug 21, 2015 at 4:10 PM, Kees Cook <kees@...20...> wrote:
If this is for shared password management, I would actually argue for eliminating the need for shared passwords entirely. How does revocation currently work? Right now, I imagine you're sharing credentials instead of having a credential for each person, which then has authorizations tied to that credential. For example, give each admin an account (separate credentials), and access to a sudo group (authorization tied to their credential).
For certain things where there is a single user (e.g. Twitter), we need to be able to share a single password.
Cheers, Josh