Skip to content
Snippets Groups Projects
Alexandre Iooss's avatar
21b13247

cPasswords

cPasswords is a group password manager develop by the CRANS.

Client installation

  • Add you GPG fingerprint and your SSH key to the cpassword server. For the CRANS, you can do this on the intranet.
  • Clone the code, git clone git@gitlab.crans.org:nounous/cranspasswords.git,
  • Launch pip3 install --user .,
  • Make sure the install path (~/.local/bin) is in your $PATH,
  • Try cranspasswords test to decrypt a test password.

Server installation

  • Clone the code, git clone git@gitlab.crans.org:nounous/cranspasswords.git,
  • Launch pip3 install --user .,
  • Add a sudoers rule to enable users from sudoers_group to launch cpasswords, %sudoers_group ALL=(root) NOPASSWD: /usr/local/bin/cranspasswords-server
  • Copy and adapt docs/serverconfig.example.py to /etc/cranspasswords/serverconfig.py.
  • Create /var/lib/cranspasswords/db/ with owner root and mod 700 (root only).

How to

Develop

With a Python virtualenv,

python3 -m venv venv
. venv/bin/activate
pip install -e .

Then you will be able to launch the client with cpasswords or the server with cpasswords-server.

Change command name

If you wish to rename the command from cranspasswords to something else, define COMMAND_NAME environment variable before executing pip install during the installation of the client or server.

Import cPasswords

To import client.py from another script, you may need to specify where is his configuration :

export CRANSPASSWORDS_CLIENT_CONFIG_DIR=/path/to/config/dir/

Install completion

With bash, you can add to ~/.bashrc :

source <this repo path>/docs/bash_completion
complete -F _cranspasswords_completion <command name>

Troubleshoutings

To troubleshot, you -vv option to activate debug.

""“sudo: sorry, a password is required to run sudo”""

Check sudoers file on server side.