Forum

Posts by vanbope (vanbope)

vanbope
vanbope
Posts: 13

OK, thanks for the update.

6 yrs Firefox extension
vanbope
vanbope
Posts: 13

Not really, the sites on which it fails are internal sites :-(.

But for these sites (a jenkins login and an ST itcgwy login) the chrome extension works without a problem.

I double checked with the colleage and apparently for https://www.redhat.com/wapps/sso/login.html it did work. The only difference we see is that for the internal we have multiple web entries per site. Now I added a dummy web entry for redhat and now it gives a problem as well. If I double click one of the credentials the screen just re-appears, if I double-click it again, the form will be filled out. For one of the internals however it seems like he never wants to fill out the form.
It seems thus that the problem only occurs when multiple entries exist for a website.
Kind regards,

Peter

6 yrs Firefox extension
vanbope
vanbope
Posts: 13

Hi,

Currently my colleagues are testing password vault. Some of them are using firefox and noticed that the extension is not working for them. When browsing to a page that has a corresponding web data entry, they get a popup from password vault manager to select the credential which they want to have autocompleted. When they double-click one it doesn't autofill the form. Instead it reopens the pop-up.

It has been tested with an extension that was downloaded yesterday from your website.
Kind regards,

Peter

6 yrs Firefox extension
vanbope
vanbope
Posts: 13

Thanks, this is indeed working!

6 yrs User doesn't get the appropriate rights
vanbope
vanbope
Posts: 13

Hi Maurice,

Thanks for your reply.

But I am not sure I understand your post (screenshot doesn't show and I think this was to show the solution). Is this a grant I need to do on the DB or on Passwordvault?

Or are the public folders permissions , the "Add" , "Edit" and "Delete" on top of the permissions grid? Because I give these in a role but I need to give them on user level as well?


Kind regards,

6 yrs User doesn't get the appropriate rights
vanbope
vanbope
Posts: 13

Hi,

In the application log I don't see anything. The bottom shows:


[14/04/2014 10:25:34]ERROR SILENT System.DirectoryServices.AccountManagement.PrincipalOperationException: The referenced account is currently locked out and may not be logged on to.
---> System.Runtime.InteropServices.COMException (0x80070775): The referenced account is currently locked out and may not be logged on to.

at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADs.Get(String bstrName)
at System.DirectoryServices.AccountManagement.CredentialValidator.BindSam(String target, String userName, String password)
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.CredentialValidator.BindSam(String target, String userName, String password)
at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)
at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)
at Devolutions.RemoteDesktopManager.Managers.LockManager.ValidateIntegratedSecurity(String username, String password)


And indeed this morning I locked my own account due to azerty/qwerty mix up. But now I cleared the log, closed it and recreated the account.

The message about the password did indeed show up so I ignored it.

Behavior is still as before however. He gets the error from previous post. Strange thing is that he doesn't see its new entries not even when he refreshes (F5) but when he restarts the vault he does see the entry. But I (administrator) cannot see the entries he created.

When I inspect my log (administrator that created the user) it is still blank.

I attached the logfile of the user.
Kind regards,

Peter

6 yrs User doesn't get the appropriate rights
vanbope
vanbope
Posts: 13

Hi,
I tried to create another user in a SQLServer database. I used the sa account of SQLServer and I selected 'Create SQL Server Login and User'.

After creation I grant the user a role which has access on the appropriate security groups. The user can see all the information he is supposed to see but when he tries to create an entry he gets the following message:

passwordVaultError

Can it be that something goes wrong with the grants when you create a new user?
Is there a workaround?
Kind regards,

Peter

6 yrs User doesn't get the appropriate rights
vanbope
vanbope
Posts: 13

Hi,

(As you may have read in other of my posts) I am currently reviewing Password Vault Manager as a tool to manage passwords for my company.

I recently noticed that I could not limit the permissions of administrator user. I filed is as a bug but Maurice Cote pointed out that it was by design.

Is it possible to foresee this possibility of limiting permissions in the future? So that if I would set the permissions as follows:

Permissionspwvault

admin2 would NOT have access to the data entries in the security group called "admin2_secret".

In my view an admin can view all security groups and can grant permissions to any user (including himself) but it should be possible to exclude himself or other administrators from certain groups.

The reason why it is interesting to my company (and I'm sure also other companies) is because we have multiple small teams. Each team is more or less independent of one another therefore each team will be having it's own administrator that can grant access to members of his team. Administrators of team A do not have interests in most of the passwords of team B therefore it is best to just not show those passwords to these administrators.

This way an administrator will not be able to copy or view passwords by accident since the steps that would be needed for that is:
1) granting himself permissions to the security group
2) then view the password of the data entry

Since step 1 is very, very unlikely to be performed by accident, it can be interpreted as bad intent. While just viewing a password which is in the list can be done more easily by accident but on auditing checkup can be interpreted as bad intent as well.

I think one of the main strengths of your product is the generality and the possibility to deploy it for the company using site-based licenses. This will be one of my main selling points to management but it would be handy to have the feature mentioned above to assure my colleagues that no other admins will see their passwords by accident and that they still have the possibility to work independent (provision their own team members).

Kind regards,
Peter

6 yrs Provide possiblity to limit permissions for admin
vanbope
vanbope
Posts: 13

Ok, thanks for your reply. I thought it would be like this but I still consider it sub-optimal :-).

But in anycase I consider it a bug that in the GUI you can deselect the checkboxes for the permission and click save.

I would expect one of the following behaviors:
1) It is impossible to disable the checkboxes (they are greyed out) (for me the most logical one)
2) You get a warning message when saving that the administrator will still have the rights.

Because now the window dissappears and since I didn't get a warning I supposed everything was OK, untill I checked with the other admin account and noticed it wasn't. Then when I looked back I saw that the boxes where checked again. So he doesn't complain but in fact doesn't change anything under the hood either which is very confusing.

But now that I know I'll keep it in mind.

6 yrs Cannot limit permisisions of administrator on sg
vanbope
vanbope
Posts: 13

Hi,

Still testing password vault and I noticed that when I create a second administrator (e.g: admin2) and when I create a security group admin1_private I cannot revoke the viewing,adding, editing nor deleting rights from admin2 on this security group.

In the Security Group Rights window you can per user add or remove certain rights. When I however deselect the rights on admin2 and click save, the rights are not revoked. The popup window just disappears without a warning. When opening the security group rights window again it is clear that permissions are not limited.

This is really a shortcoming for us since we don't think an administrator should have viewing rights (or other rights) on every entry. An administrator should be user that can administrate users, security groups and roles. As long as auditing is done it isn't even a problem that an administrator can change its own rights, because at least you would have an audit trail and know if an admin is doing things he isn't supposed to do.
Kind regards,

Peter

6 yrs Cannot limit permisisions of administrator on sg
vanbope
vanbope
Posts: 13

Yes indeed completely solved in new version! Thanks!

6 yrs Only see part of the name of a credential
vanbope
vanbope
Posts: 13

Hi, I verified it and it is indeed a workable solution.

Thank you very much!

6 yrs Only see part of the name of a credential
vanbope
vanbope
Posts: 13

Hi,
I am evaluating password vault manager for use in our company. For testing I added some credentials and now I want to create new Data Entries (of type Web) and use the credential repository such that I don't have to input the same credential multiple times. When using the dropdownlist for the credential repository it is quite unusable. Since I created a hierarchy to organize credentials the namings in the dropdownlist are wider than the list width. As a result it is almost impossible to find the correct credential. I would think there should be a button next to the dropdownlist (with for example 3 dots like ...) that gives a window that let you select the correct credential in an explorer-like fashion. This type of 'browsing' is used on other places in the app but it only seems logical that here it is used as well as currently it is not doable to efficiently select the correct credential as it is impossible to resize the dropdownlist. (Even enlarging the window doesn't help as the dropdownlist remains with the same width).


I am talking about the following window:


Password+Vault+Manager+6

Is this already know? If so is there a nice workaround or a fix?

Kind regards

6 yrs Only see part of the name of a credential