Update :
New features have been added :
- Using a new PHP tool to work with Active Directory : http://adldap.sourceforge.net/
- Multiple group support
- Login/logout
- New design
- Fix ‘New entry’ bug
- Password sections are now in a configuration file
- Improved security
- Edit tabs through the interface
- Tested on Internet Explorer 9 and Firefox 16
Purpose :
This project is a secure repository for storing and managing passwords, built on the Apache web server, PHP and MySQL. The features are :
- Apache Web server using SSL
- website access requires Active Directory authentication
- individual ACL for each password record
- passwords are stored in a MySQL database and encrypted using the AES algorithm
- easy search for a password record
- browsing history : you know who read a password entry and when
Prerequisites :
- Windows OS
- WAMP Server
- WAMP SSL (or my mirror)
- MySQL Database creation script : pwd_db.sql
- Password database website : itpwd.tar
Installation :
Wamp
- Install WAMP Server with all default settings (default path is c:\wamp)
- After the installation, create a folder “bkp” under c:\wamp\www
- create a folder “ssl” under c:\wamp\www
- Move the files located in c:\wamp\www to c:\wamp\www\bkp
- Extract the files contained in the file WampSSL.zip to the path c:\openssl
- Follow this guide (thanks to JLBN) to configure WAMP to use SSL
- Open a command prompt
- Type : c:
- Type : cd C:\openssl\WampSSL
- Type : openssl genrsa -aes256 -out pass.key 2048
- Enter a pass phrase and keep it
- Type : openssl rsa -in pass.key -out pwd_db.key
- Enter the pass phrase that you have created before
- Type : openssl req -new -x509 -nodes -sha1 -key pwd_db.key -out pwd_db.crt -days 999 -config C:\wamp\bin\apache\apache2.2.17\conf\openssl.cnf
- Enter the information required to create your certificate
- For the common name, enter the domain pwd_db
- Open the folder c:\wamp\bin\apache\apache2.2.17\conf and then create the folder ssl
- Copy the files pwd_db.key and pwd_db.crt to the folder c:\wamp\bin\apache\apache2.2.17\conf\ssl
- Create the folder c:\wamp\bin\apache\apache2.2.17\conf\ssl\logs
- Edit the file c:\wamp\bin\apache\apache2.2.17\conf\extra\httpd-ssl.conf
- Replace the line :
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
by this line
SSLSessionCache "shmcb:C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_scache(512000)"
- Replace the line :
SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
by this line
SSLCertificateFile "C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.crt"
- Replace the line :
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
by this line
SSLCertificateKeyFile "C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.key"
- Replace the lines in the Virtual Host section :
# General setup for the virtual host
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error_log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access_log"
by these lines
# General setup for the virtual host
DocumentRoot "C:/wamp/www/ssl"
ServerName localhost:443
ServerAdmin admin@localhost
ErrorLog "C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_error.log"
TransferLog "C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_access.log"
- Replace the lines in the Virtual Host section :
<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
by these lines
<Directory "C:/wamp/www/ssl">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
- Replace the line :
CustomLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
by these lines
CustomLog "C:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
- Open file httpd.conf in folder C:/wamp/bin/Apache/apache2.2.17/conf and uncomment the lines :
- Include conf/extra/httpd-ssl.conf
- LoadModule ldap_module modules/mod_ldap.so
- LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
- Save and close all the files
- Left click on WAMP tray icon and navigate to Apache modules
- Scroll down until you see ssl_module, then left click on it to enable SSL on WAMP
- Next, navigate to PHP extensions
- Scroll down until you see php_openssl, then left click on it to enable php_openssl on WAMP
- Scroll down until you see php_ldap, then left click on it to enable php_ldap on WAMP
- Open folder C:\wamp\bin\apache\apache2.2.17\bin and copy 2 files libeay32.dll and ssleay32.dll to C:\Windows\System32
- Restart All Services on WAMP tray icon
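A check for the httpd-ssl.conf replacements above, given here as an added example that is not part of the original project: it reports any default install path that was missed, any Options line that enables Indexes (auto-generated directory listings), and any of the three SSL directives that is absent. The function name auditSslConf and the sample text are constructed for illustration.

```php
<?php
// Added example, not part of the project. Audits httpd-ssl.conf text for
// replacements that were missed and for directory listings being enabled.
function auditSslConf($conf)
{
    $findings = array();
    foreach (preg_split('/\R/', $conf) as $i => $raw) {
        $line = trim($raw);
        if ($line === '' || $line[0] === '#') {
            continue; // skip blank lines and comments
        }
        // Any surviving default install path means a step was skipped.
        if (stripos($line, 'Program Files/Apache Software Foundation') !== false) {
            $findings[] = sprintf('line %d: default path still present', $i + 1);
        }
        // "Indexes" or "+Indexes" turns on auto-generated listings;
        // "-Indexes" is excluded by the lookbehind.
        if (preg_match('/^Options\b.*(?<![-\w])Indexes\b/i', $line)) {
            $findings[] = sprintf('line %d: Options enables Indexes', $i + 1);
        }
    }
    // Directives this procedure is expected to leave in place.
    foreach (array('SSLCertificateFile', 'SSLCertificateKeyFile', 'SSLSessionCache') as $name) {
        if (!preg_match('/^\s*' . $name . '\s+\S/mi', $conf)) {
            $findings[] = 'missing directive: ' . $name;
        }
    }
    return $findings;
}

// Constructed sample: a half-edited file in which the key path was missed.
$sample = <<<'CONF'
SSLSessionCache "shmcb:C:/wamp/bin/Apache/apache2.2.17/conf/ssl/logs/ssl_scache(512000)"
SSLCertificateFile "C:/wamp/bin/Apache/apache2.2.17/conf/ssl/pwd_db.crt"
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"
<Directory "C:/wamp/www/ssl">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
CONF;

foreach (auditSslConf($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

To audit the real file, pass the result of file_get_contents() on c:\wamp\bin\apache\apache2.2.17\conf\extra\httpd-ssl.conf to auditSslConf().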
MySQL
- Go to https://localhost/phpmyadmin
- Click on "Import" tab
- Select the file pwd_db.sql
- Click "Execute" button
Password database configuration files
- Extract the files contained in the file pwd_db_ws.zip to the path c:\wamp\www\ssl
- Edit the file C:\wamp\www\ssl\index.php and configure the following :
- protected $auth_realm
- line 615 (replace groupITPWD-adm with the name of the admin group allowed to edit the tabs) : if (strpos($groupIDStr, "groupITPWD-adm")) {
- Edit and configure the following variables in the file C:\wamp\www\ssl\adLDAP\src\adLDAP.php :
- protected $accountSuffix
- protected $baseDn
- protected $domainControllers
- protected $adminUsername
- protected $adminPassword
- Edit the file C:\wamp\www\ssl\@.security to define the allowed groups (DO NOT ADD BLANK LINES IN THIS FILE)
- Edit the file C:\wamp\www\ssl\section.cfg to create your own password categories
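The admin check on line 615 depends on how PHP's strpos() behaves: it returns the match offset or false, so a match at offset 0 evaluates as false, and any group whose name merely contains the admin group name also matches. The added example below (not the project's code) compares that pattern with an exact membership test; the comma-joined shape of $groupIDStr, the function names and every group name other than groupITPWD-adm are assumptions made for illustration.

```php
<?php
// Added example, not part of the project. Written without PHP 7-only
// syntax so it also runs on older PHP versions.

// The pattern from line 615: truthiness of strpos().
function isAdminBySubstring($groupIDStr, $adminGroup)
{
    // strpos() returns an integer offset or false; offset 0 is falsy.
    return (bool) strpos($groupIDStr, $adminGroup);
}

// Exact membership test on a list of group names.
function isAdminByExactMatch(array $groups, $adminGroup)
{
    // AD group names are case-insensitive, so normalise before comparing.
    $normalised = array_map('strtolower', array_map('trim', $groups));
    return in_array(strtolower($adminGroup), $normalised, true);
}

$admin = 'groupITPWD-adm';

// Constructed group memberships.
$cases = array(
    'admin group listed first' => array('groupITPWD-adm', 'Domain Users'),
    'admin group listed later' => array('Domain Users', 'groupITPWD-adm'),
    'similarly named group'    => array('Domain Users', 'groupITPWD-adm-readonly'),
    'no admin group'           => array('Domain Users'),
);

foreach ($cases as $label => $groups) {
    $joined = implode(',', $groups); // assumed shape of $groupIDStr
    printf(
        "%-26s substring=%-5s exact=%s\n",
        $label,
        var_export(isAdminBySubstring($joined, $admin), true),
        var_export(isAdminByExactMatch($groups, $admin), true)
    );
}
```

The two checks disagree on the first and third cases: the substring test denies a real admin whose admin group is listed first and admits a member of the longer-named group.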
If you have any problems, contact me !
Thank you to
Free and secure password repository (PHP/JQuery/Ajax)