ITPWD_main

ITPWD_view ITPWD_edit ITPWD_section

 Update :
New features have been added :
  • Using a new PHP tool to work with Active Directory : http://adldap.sourceforge.net/
  • Multiple group support
  • Login/logout
  • New design
  • Fix ‘New entry’ bug
  • Password sections are now in a configuration file
  • Improved security
  • Edit tabs through the interface
  • Tested on Internet Explorer 9 and Firefox 16


Purpose :

This project is a secure password repository to store and manage them based on Apache web server, PHP and MySQL. The features are :

  • Apache Web server using SSL
  • website access require an Active Directory authentication
  • individual ACL for each password record
  • password are located on a MySQL database and encrypted using AES algorithm
  • search easily a password record
  • keep a browsing history : you know who read a password entry and when

Pre-requesites :

Installation :

Wamp
  • Install WAMP Server with all default settings (default path is c:\wamp)
  • After the installation, create a folder “bkp” under c:\wamp\www
  • create a folder “ssl” under c:\wamp\www
  • Move the files located in c:\wamp\www to c:\wamp\www\bkp
  • Extract the files contained in the file WampSSL.zip to the path c:\openssl
  • Follow this guide (thanks to JLBN) to configure WAMP to use SSL
    • Open a command prompt
      • Type : c:
      • Type : cd C:\openssl\WampSSL
      • Type : openssl genrsa -aes256 -out pass.key 2048
      • Enter a pass phrase and keep it
      • Type : openssl rsa -in pass.key -out pwd_db.key
      • Enter the pass phrase that you have created before
      • Type : openssl req -new -x509 -nodes -sha1 -key pwd_db.key -out pwd_db.crt -days 999 -config C:\wamp\bin\apache\apache2.2.17\conf\openssl.cnf
      • Enter the informations required to create your certificate
      • For the common name, enter the domain pwd_db
    • Open the folder c:\wamp\bin\apache\apache2.2.17\conf and then create the folder ssl
    • Copy the files pwd_db.key and pwd_db.crt to the folder c:\wamp\bin\apache\apache2.2.17\conf\ssl
    • Create the folder c:\wamp\bin\apache\apache2.2.17\conf\ssl\logs
    • Edit the file c:\wamp\bin\apache\apache2.2.17\conf\extra\httpd-ssl.conf
      • Replace the line :
SSLSessionCache “shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
by this line
SSLSessionCache “shmcb:C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_scache(512000)”
  • Replace the line :
SSLCertificateFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt”
by this line
SSLCertificateFile “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.crt”
  • Replace the line :
SSLCertificateKeyFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key”
by this line
SSLCertificateKeyFile “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.key”
  • Replace the line in the Virtual Host section :
# General setup for the virtual host
DocumentRoot “C:/Program Files/Apache Software Foundation/Apache2.2/htdocs”
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog “C:/Program Files/Apache Software Foundation/Apache2.2/logs/error_log”
TransferLog “C:/Program Files/Apache Software Foundation/Apache2.2/logs/access_log”

by this line
# General setup for the virtual host
DocumentRoot “C:/wamp/www/ssl”
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_error.log”
TransferLog “C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_access.log”

  • Replace the line in the Virtual Host section :
<Directory “C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
by this line

<Directory “C:/wamp/www/ssl”>
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

  • Replace the line :
CustomLog “C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request_log” \”%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
by these lines
CustomLog “C:/wamp/logs/ssl_request.log” \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
    • Open file httpd.conf in folder C:/wamp/bin/Apache/apache2.2.17/conf and uncomment the lines :
      • Include conf/extra/httpd-ssl.conf
      • LoadModule ldap_module modules/mod_ldap.so
      • LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

 

      • Save and close all the files
      • Left click on WAMP tray icon and navigate to Apache modules
      • Scroll down until seeing ssl_module; then, left click on it to enable SSL on WAMP
      • Next, navigate to PHP extensions
      • Scroll down until seeing php_openssl; then, left click on it to enable open_ssl on WAMP
      • Scroll down until seeing php_ldap; then, left click on it to enable php_ldap on WAMP
      • Open folder C:\wamp\bin\apache\apache2.2.17\bin and copy 2 files libeay32.dll and ssleay32.dll to C:\Windows\System32
      • Restart All Services on WAMP tray icon
MySQL
    • Go to https://localhost/phpmyadmin
    • Click on “Import” tab
    • Select the file pwd_db.sql
    • Click “Execute” button

 

Password database configuration files
    • Extract the files contained in the file pwd_db_ws.zip to the path c:\wamp\www\ssl
    • Edit the file C:\wamp\www\ssl\index.php and configure the following variable :
      • protected $auth_realm
      • line 615 (replace groupITPWD-adm by the admin group name allowed to edit the tabs) :    if (strpos($groupIDStr, “groupITPWD-adm”)) {
    • Edit and configure the following variables in the file C:\wamp\www\ssl\adLDAP\src\adLDAP.php :
      •  protected $accountSuffix
      •  protected $baseDn
      •  protected $domainControllers
      •  protected $adminUsername
      •  protected $adminPassword
    • Edit the file  C:\wamp\www\ssl\@.security to define the allowed groups (DO NOT ADD BLANK LINES IN THIS FILE)

 

  • Edit the file C:\wamp\www\ssl\section.cfg to create your own password categories

 

 If you have any problems, contact me !
Thank you to

<>

My Powershell script categories

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Social Media Auto Publish Powered By : XYZScripts.com
%d bloggers like this: