Wrong management of multiple KeePass credentials
Hi all,
at work we have a multi-domain environment and thus the need to connect to servers in multiple domains.
I find very useful the possibility to use the KeePass integration, but in the scenario above it does not work correctly.
Let's say I have the domain abc.local and xyz.local and I want to use my KeePass entry ABC_Credentials with abc.local servers and my KeePass entry XYZ_credentials with xyz.local servers.
I select an abc.local server entry, edit user specific settings, tick on "Override credentials", select "My Personal Credentials", select KeePass database and my ABC_Credentials entry. If I open the abc.local server, the RDP connection is correctly opened using the ABC_Credentials in my KeePass. So far, no problem at all, everything works fine.
Then I do the same for the xyz.local server, obviously selecting the XYZ_credentials on my KeePass. If I test the xyz.local server, the RDP connection is correctly opened using the XYZ_credentials in my KeePass.
The problem is, if I then try to open the abc.local server I've set before, RDM tries to open the RDP connection with the KeePass' XYZ_credentials, which obviously are not suited to that domain and thus incorrect.
For us, this is a huge limitation, since it means we can integrate RDM and KeePass with only a domain at a time, "breaking" the integration with other domains.
Could you please check it and let me know when it will be fixed?
I'm currently using the 10.6.7.0 version of Remote Desktop Manager with Enterprise License.
Please tell me if you need further details.
Regards,
Marco
All Comments (5)
I am not sure I fully understand how you are applying this and why you are using the Override credentials option, so I don't know if that is an issue or not. Perhaps I am misunderstanding, so if I am, I apologize in advance.
Assuming I understand the issue correctly, I do something similar with multiple untrusted domains. There are two ways to look at this depending on how you are setup. If you have two different KeePass servers, then you can just point to the different databases and use the corresponding database for the correct server. I believe you can setup completely different lists for each database as you login, though I don't do it that way, so I may be mistaken.
The alternative (which is also how I do this) is to put in the full domain creds in a single database. What I mean is, instead of using uSERnAME as your account, try setting each to abc\uSERnAME or uSERnAME@abc.local in the username field for those servers. Likewise, for the other domain, use xyz\uSERnAME or uSERnAME@xyz.local for the XYZ domain. Then, as the password is associated to that username uniquely, it will not pull the wrong credentials. I have never had an issue doing it this way.
Hope that helps, as a workaround if nothing else.
Tom
Fettuccine Alfredo is Macaroni and Cheese for Adults
Hi Thom,
I think I didn't explain myself, so I'll try again.
In my organization we share a common database (MS SQL Express DB) containing all servers we need to access; at the same time, we all use our own personal credentials to access those servers.
Every single user of my organization wants to personalize its own way to use RDM: display settings, screen size and among all customizable settings, we need to be able to use our own credentials with KeePass through the integration provided.
To be able to customize those settings, every user overrides the settings he is interested in via the "User specific settings" window and specifically the "My personal credentials" field.
Back to my problem: as in your setup, I also use a single database containing all credentials I need and they are already stored in the Domain\Username form; but this does not change the situation. It's like if when I associate new KeePass credentials to another server via the "My personal credentials" submenu, also the credentials associated to other server changes..
This is my situation:
- I associate the server a.abc.local to my KeePass credentials "ABC Credentials" in the ABC\username form. Everything works fine if I try to access server a.abc.local (the ABC credentials are correctly pulled).
- I associate the server b.xyz.local to my KeePass credentials (same KeePass database) "XYZ Credentials" in the XYZ\username form. Everything works fine if I try to access server b.xyz.local (the XYZ credentials are correctly pulled).
- If I try to access server a.abc.local, the XYZ credentials are pulled and therefore I don't authenticate on the server.
I hope the problem is now clearer. let me know if you need other explanations.
Thanks,
Marco
It is. The second paragraph is the part I missed...The common database of servers needing access. It makes a lot more sense now.
Hopefully they will be able to come back with a better answer for you.
Fettuccine Alfredo is Macaroni and Cheese for Adults
Hello,
"My personal credentials" is a SINGLE specialized credential entry, it is best for storing your domain account. For the scenario that you describe, you should use the Private Vault to have multiple entries. Each server will point to a private vault credential entry.
On a side node, the "My personal credential" entry is stored in your windows profile, therefore will not follow you to other clients that use the same data source.
Best regards,
Maurice
Hi Maurice,
I had no idea this possibility existed! Thank you very much for your help, very appreciated!
Thanks again,
Marco