close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Changes between Version 3 and Version 4 of administration/security


Ignore:
Timestamp:
Oct 7, 2009, 9:27:32 PM (13 years ago)
Author:
hank
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • administration/security

    v3 v4  
    7070Master passphrase file is located in the sfpass home and called
    7171'''passphrase-master.gpg'''
    72 This file is edited by sfkeys in encrypted form only.  See this page for info about
    73 vim plugin to edit encrypted in place (decrypted file never touches disk)
    74 http://www.vim.org/scripts/script.php?script_id=661
     72This file is edited by sfkeys in encrypted form only.
    7573
    76 To initially create the gpg file the command is:
     74Admins will have separate passphrase files located at /home/sfpass/passphrase-<admin>.gpg. 
     75At this time we just have one passphrase file located at /home/sfpass/passphrase.gpg which
     76is readable by all admins.
     77
     78To render the decrypted passphrase file to STDOUT (note the additional dash):
    7779{{{
    78 gpg -c decryptedfile
     80gpg -o - /home/sfpass/passphrase.gpg
    7981}}}
    80 
    81 Administrators will su to sfpass and access the passphrase file by standard out
    82 only.  passphrase-master will require the appropriate password.
    83 
    84 To render decrypted file to STDOUT (note the additional dash):
    85 {{{
    86 gpg -o - file.gpg
    87 }}}
    88 
    89 [/browser/trunk/third-party/vim_gnu_plugin/gnupg.vim Plugin for editing encrypted files in place using vim.]
    9082
    9183
    9284'''Never save decrypted passphrase file to disk- View standard out only, and
    9385cut/paste passphrase to another terminal'''
     86
     87For tips on creating and editing GPG files view the [/wiki/administration/system-admin Using GPG] section
     88in the administration guide.
    9489
    9590== Tunneling to specific !SilverFile appliance ==