On Fri, Aug 21, 2015 at 04:53:50PM -0700, Josh Andler wrote:
On Fri, Aug 21, 2015 at 4:10 PM, Kees Cook <kees@...20...> wrote:
If this is for shared password management, I would actually argue for eliminating the need for shared passwords entirely. How does revocation currently work? Right now, I imagine you're sharing credentials instead of having a credential for each person, which then has authorizations tied to that credential. For example, give each admin an account (separate credentials), and access to a sudo group (authorization tied to their credential).
For certain things where there is a single user (e.g. Twitter), we need to be able to share a single password.
Gotcha. Do you change all the shared passwords each time someone is removed from the list people with access?
-Kees