Password Safe and Repository

Configure network logon

Configure network logon

Previous topic Next topic  

Configure network logon

Previous topic Next topic  

Notice:

Please notice that you need a license of the module "Network Logon" at the client for this, also if you want to carry out the configuration at the server. You can buy the module in the online shop or order it on account.

 

Basically

Via the additional module "Network Logon" you can centrally provide a database configuration at the clients. For this a profile file will be created in which one or several database configurations are maintained encrypted.

 

Technology and security

The profile file is doubly encrypted with AES (256 Bit). Hereby a public key and optionally a private key is used. The public array only contains information on the access rights of the file and is encrypted with the public key. The private array is only encrypted if the access rights suffice in the public array. In the private array there are all information on the particular database configuration.

 

Even if the Network Logon is already safely encrypted with the public key we basically suggest to deposit an additional private key. This private key has to be entered by the user at the start of the program. Due to the additional use of a private key the private array can only be decrypted if the user knows the password for it. Only Password Safe knows the public key and it can only be opened by the software and with an active module "Network Logon".

 

You can also give away a password which is required to edit the profile file. This password should be set basically. So you can protect the profile file from editing without using a private key.

 

What happens at the client?

If the client finds the profile file "psr.nlc", it will be opened automatically and checked if the client has access rights to use the profile file. If this is the case the contained database configuration will be started at the client. If only one configuration is contained an immediate auto login at the accordant database will be made. If several databases are contained they will all be provided at the client. For the login a click on OK is enough to start the login.

 

Configuration

In the menu "extras" you can find the menu item "configure network logon". Afterwards the window, in which you create the profile file or edit existing ones, opens.

 

Create new profile

Click on "add profile" -> "add database" and carry out the database assistant to add the configuration. Generally you will only add databases of the type "Enterprise". But you can also configure Standard and Professional databases. To do so it is necessary to set the database password in the list via the context menu afterwards.

 

Edit profile

Click on an entry in the list and then choose "edit profile" in the context menu. Alternatively you can do this with a double click on the accordant entry. If only the password of the database has changed you can reset it in the list directly via the context menu.

 

Settings and access rights

You can set passwords and access rights via the profile settings.

 

Password for whole profile file

This is the private key (Private-Key) of the profile file. If you set this password every user that is allowed to use this profile file has to enter the password at the start of Password Safe. The private array in the profile file will then be encrypted with this password. Without this password the profile file can no longer be opened.

 

Password for editing the profile file

If you set this password the profile file can only be opened for editing if the password has been entered.

 

User

Here you can deposit computer users who can access the profile file. For the testing the Windows login name is used.

 

Computer

Here you can deposit computer names which can access the profile file. For the testing the Windows computer name will be used.

 

IP

Here you can deposit IP address arrays or single IP addresses which can access the profile file.

 

Example:

192.168.0.1

 or

192.168.0.100-192.168.0.120

 

Notice:

Please notice that user, computer and IP access restrictions are linked with AND. That means that if you deposit data in one of the arrays, also in all three arrays, the user has to be deposited in a way that all conditions are fulfilled. An OR link-up is not designated. Also the user, computer or IP array which is allowed to edit the profile file, should be contained, otherwise the profile file can no longer be opened for editing.

 

Providing at the client

In order that the client finds the profile file you can deposit it under different places. The profile file should be named "psr.nlc". Following you can see the order listed in which places the profile file is searched for.

 

1.In the environment variable of the client (PSR_NLC_FILE). Here you can define the path including the file name yourself.
 

2.In the registry. Here you can define the path including the file name yourself.
 
Sector:
HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Entry:
NetworkLogonFile
 

3.In the configuration file of the client (psr.pc6) under <Common> <NetworkLogonFile>. Here you can define the path including the file name yourself.
 

4.In the program path of the application. The file name has to be "psr.nlc".
 

5.In the personal document directory. Under XP in "own files". The file name has to be "psr.nlc".
 

6.In the AppData directory of the user, where also the configuration file of Password Safe lies. The file name has to be "psr.nlc".
 
Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc6
 
Windows XP:
C:\documents and settings\user name\application data\PasswordSafe\psr.pc6

 

 

 

Notice:

After an upgrade to a later version (e.g. from version 5 to version 6), the network logon has to be configured again.

 

If one of the following points changes, the network logon file has to be configured again, or updated:

- Database name

- IP address of the server

- Port of the server

- Client server initial connection password