SourceFiles.org - Use the Source, Luke
Home | Register | News | Forums | Guide | MyLinks | Bookmark

Related Sites

Latest News
  General News
  Reviews
  Press Releases
  Software
  Hardware
  Security
  Tutorials
  Off Topic


Back to files

Passwdd 1.0.0 - README

I. Abstract:

This is the Passwdd suite version 1.0.0. It can be used to synchronize passwords and related information among two or more servers. It uses an internal security library for the encryption and decryption of the sensitive data.

Windows clients are provied. You need Microsoft Visual C/C++ 6.0 in order to compile them.

PERL CGI clients are provided as well. They use the passwddio.so shared library for the encryption and decryption subroutines. The appropriate HTML forms for invoking these CGI scripts are included in the package.

II. Compatibility:

Passwdd works best on Linux systems. Here is the list of the Linux/UNIX distributions where the suite is tested before the release: 

        Slackware 7.1
        RedHat 7.0
        FreeBSD 4.2
        Debian Linux 2.2
        Sun Solaris 2.6

III. Download and web site:

You can download passwdd from:

ftp://ftp.sourceforge.net/...
ftp://ftp.varna.net/...
ftp://metalab.unc.edu/...

IV. Version:

This document applies to version 1.0.0 of the software. Currently an older version of the program will be distributed and when the software is is reported to be stable enough - the first stable release 1.0.0 will be released.

V. Security:

The client and server do not exchange unencrypted passwords. They use an RSA encryption/decryption algorithm. In order to use it you need a keypair on the each machine running passwdd. You can create this keypair with the rsakeys utility. However, the communication is subject to Man in the Middle Attack and you are highly encouraged after installation and testing to check the the matching of your public keys on each client server. The security level depends on the length of the RSA modulus and many other factors. Currently length 1024 is considered as good security. Note that the RSA encryption and decryption is CPU resource consuming process and using modulus sizes with unjustified length is waste of resources. In case you are using the CGI clients you should provide a secure channel from your web server to the browsers of the users. There are several SSL libraries for the majority of the web servers now.

VI. Installation:

VII. Authors:

VIII. Copyright:

Other Sites

Discussion Groups
  Beginners
  Distributions
  Networking / Security
  Software
  PDAs

About | FAQ | Privacy | Awards | Contact
Comments to the webmaster are welcome.
Copyright 2006 Sourcefiles.org All rights reserved.