User Documentation Of The Self-hosted Version


Passwork
User documentation of the self-hosted version
Password manager for companies
passwork.me

Main product features

Advanced interoperability features: to provide access, secure one-time links are sent to an e-mail account.
The safest way to store passwords: database encryption, open source, your personal server.
Flexible configuration of user access: passwords are managed by the company, not its individual employees.
Public API: integration capability and the development of third-party clients.
History of password operations: notifications of changes, history of granted access.
Multiple system capabilities: LDAP support, backups, etc.

Interface

Type of access to the group
Group name
List of groups and folders
Creating a new folder
Password search in the selected group or folder
List of folders and passwords
Settings:
displays a dialog box to send an invitation to other users to join the group
displays a dialog box to generate the links to join the group
list of users and their permissions for the current group
list of users and their permissions for the current folder

Administration: Users

User management
This icon marks the company administrator.
Only activated users can log in to the system. For blocked users, the corresponding icon is displayed. The licensing policy takes into account only active users.

Adding users
By default, all users can register themselves in the system. You can disable this feature on the settings page and add specific e-mail addresses of users who can register.

Administration: Company Settings

The page displays the company's registration information and the number of available users.
If this option is set, you can give your colleagues a link to your local "Passwork", and they will go through the registration process. Otherwise, you must specify all users on your own on the Administration / Users page.
After registration, new users immediately acquire the administrator role. This is useful when editing your "Passwork" settings.
After this, it is recommended that you disable this option.

My profile

When sending invitations, you must specify the e-mail address of the recipient (their Passwork account). Sometimes one user may have multiple e-mail addresses that can be specified as aliases. You cannot log in under an alias account, but you can send an invitation to aliases. Thus, for convenience, you can register all of your e-mail addresses. The trial version does not have this option, but the final release of the box already has it.
This option allows you to disable e-mail notifications. Normally, notifications are sent for any change made in the groups.
Shows the last 10 records with login information (IP addresses, etc.).

Working with passwords: Password creation

Allows you to add any number of custom fields.
You can edit any field by clicking on its name.

Working with passwords: Quick-link buttons on the password list

Copying to the clipboard
Generating a password link
Sending a password to another user
Other options

Password-window settings
Similar settings, as well as an additional "History" section, which shows to whom the password has been sent.

Working with passwords: Generating password links

This allows you to create a link to a password in order to forward the password to another user.
When you send your password, the password will be copied and automatically saved in the recipient's account.
The domain is configured in the configuration file.
List of all updated links to the unique password. Links can be removed manually.
Time after which the link will cease working.
If you enable this option, more than one user can use the link.

Working with passwords: Sharing passwords

An alternative method for sharing passwords.
You must specify the "Passwork" user e-mail. If the user is not present in the system, a request to register will be sent to the user's e-mail.
Working with groups: Inviting a user to a group

User privileges
Full Access - the user has access to all the group passwords and user management of this group.
Edit - the user has read and write access to the passwords, but cannot manage other users or invite other people to this group.
Read Access - only read access to passwords.

You must specify the Passwork user e-mail. If the user is not in the system, the system will e-mail the user an invitation to create an account.

Working with groups: Creating links to connect to the group

If you want to invite several people to the group, or you do not know the e-mail of the invited person, you can generate a link for joining the group and send it by mail or, for example, on Skype.

User privileges
Full Access - the user has access to all the group passwords and user management of this group.
Edit - the user has read and write access to the passwords, but cannot manage other users or invite other people to this group.
Read Access - only read access to passwords.

The link will work for all users.
A one-time link (default) will be deactivated after it has been followed.

Working with groups: Accepted invitations

If an invitation is sent to the user, the user will be notified by mail. In addition, an extra "invitations" section will be displayed.
After getting access to the group, you can edit its name.

Installation

To begin working with Passwork, the following must be installed:
1. Web server
2. MongoDB database
3. PHP extensions: phalcon, json, mongo, pdo, ldap, mcrypt
4. Enable short PHP tag support (short_tag)
5. Set the site root to /public/
6. Customize URL Rewrite (the instructions for Apache are found in the .htaccess files)

Setting up the database:
1. The database dump is located in /dump/
2. Restore using the dump utility
   > mongorestore dump
3. The «passwork» database will be created

Default account:
login: [email protected]
pass: DemoDemo

Edit /app/config/config.ini for more-customized settings.
For easier work with MongoDB, we recommend the free MongoVUE utility (for Windows).

Config.ini parameters

/app/config/config.ini

[crypt]
; The encryption key is on the server side. After changing it, access to all
; the passwords is lost. Key size: 16 or 32 symbols.
secret = yUO22I3z6Fgzc1*HMl1eIj5V%dHbi1Fc

[ban]
; Ban time in seconds
time = 180
; Number of incorrect attempts to log in, after which the user is blocked
count = 7
; The number of attempts is counted within this interval (in seconds)
interval = 60

[mongo]
; The connection string to the database
connectionString = mongodb://localhost:27017
; Database name
dbname = passwork
; Whether a login and password are needed to work with MongoDB
useCreds = false
username =
password =

[memcache]
; Not used
host = 127.0.0.1
port = 11211

[ldap]
; Enable authentication through an LDAP server
enable = Off
; LDAP server address on the network
server = localhost
; Port
port = 389

[backup]
; Allow the use of a backup database
enableLogin = Off

[application]
; English version domain
domain = http://passwork.local
; Russian version domain
domainru = http://ru.passwork.local
; Feedback e-mail
emailFeedback[] = [email protected]
; Mail for the reply option
noreplyEmail = [email protected]
; Set language (Ru or Eng)
lang = en
; Disable the ability to change the language in the web interface
disableLanguageChange = On
; Hide all links to social networks
hideSocialNetworks = On
; Super-Admin account (the admin's e-mail in the system). The super-admin
; cannot reset password, remove the administrator role or disable it. It is
; recommended to add it to all groups to be able to restore access to them
; if users forget their secret code-word.
superAdminEmail =
; Disabling CSRF protection
csrf = Off

[logger]
; Enable the JSON data logger. Logs operations with passwords
; (analogous to the e-mail notifications).
enableJsonLogger = On
; Path to the log file
jsonLoggerPath = ../app/log.json

LDAP

If the LDAP options are configured and enabled in config.ini, the authentication process takes place as follows:
1. During authorization, the user account is checked and validated with the same login (e-mail) and password as on the LDAP server. If the LDAP server authenticates the account, the user is authorized to access "Passwork". In this mode, the "Passwork" password is not validated.
2. During registration, the user details are also tested against the LDAP server. If the LDAP server authenticates the user, the user's password is stored in "Passwork". It is recommended that all users set a security code-word.
3. Resetting the password on the user list page (or profile) will not lead to the blocking of the user, since authentication is done on the LDAP server. At the same time, if the user does not have a secret code-word, access to the data will be lost, because the system will prompt for the old authorization password.

To work with LDAP, you must install the PHP extension php5-ldap (ldap.so).
A secure connection can be set via the parameter:
server = ldaps://localhost
In this case, the LDAP server certificates must be installed properly (along with intermediate certificates).
For LDAP debugging, you can use the file /public/ldap test.php

Back-ups

To simplify backup settings, you can use the file /app/cli/dump.php
It can be run in CLI mode:
> php dump.php
It can also be scheduled to run from cron.
The script creates a copy of the database with the name «passwork_backup_1», then «passwork_backup_2», etc. The /app/cli/back.index file stores the current backup index. When the index number comes to an end, it is reset to 1, and the «passwork_backup_1» database is emptied again.
Edit dump.php to set up:

$host = 'localhost';                     // Database host
$connectionString = "mongodb://$host";   // The connection string
$originalDB = "passwork";                // Database name
$dbMask = "passwork_backup_%";           // Mask to create backups
$cycleSize = 3;                          // "Cycle" size

Set $cycleSize = 7 and schedule dump.php to start once a day, and this way store the last 7 daily copies of the database.
Dump files can be created using the MongoDB utilities (mongodump and mongorestore).
Each backup database gets a «backupinfo» collection with the backup date.

The live switch to the backup database

If the following option is enabled:
[backup]
enableLogin = On
it is possible to switch to the backup database by specifying the following GET parameter:
http://passwork.local/?database=passwork_backup_1
The database name is stored in the current user session and will be displayed in the site's header.
To exit this mode, set enableLogin = Off.
Users who do not go to http://passwork.local/?database=passwork_backup_1 will not notice the changes and continue to use the production database.

Contact details

Email: [email protected]
Skype: beentech
Phone: +7 952 259 2014
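
The config.ini parameters described above (key size, ldaps://, the backup login switch, MongoDB credentials) can be checked mechanically before a deployment goes live. The Python script below is an added example, not part of Passwork or its documentation; the function names and the choice of checks are assumptions made here from the parameter descriptions on this page, and the sample file is constructed.

```python
import configparser

# Assumption of this example: the sample key printed in the documentation
# is public, so it is reported when found in a live config.
DOC_SAMPLE_SECRET = "yUO22I3z6Fgzc1*HMl1eIj5V%dHbi1Fc"

def is_on(value):
    """PHP-ini style booleans: On/true/yes/1 mean enabled."""
    return value.strip().lower() in {"on", "true", "yes", "1"}

def audit_config(text):
    """Return (setting, finding) pairs for a Passwork config.ini (hypothetical helper)."""
    # interpolation=None: the secret may contain '%', which configparser
    # would otherwise try to expand and fail on.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep camelCase keys such as enableLogin
    cfg.read_string(text)
    findings = []
    secret = cfg.get("crypt", "secret", fallback="")
    if len(secret) not in (16, 32):
        findings.append(("crypt.secret", "key size must be 16 or 32 symbols"))
    if secret == DOC_SAMPLE_SECRET:
        findings.append(("crypt.secret", "sample key from the documentation"))
    ldap_on = is_on(cfg.get("ldap", "enable", fallback="Off"))
    if ldap_on and not cfg.get("ldap", "server", fallback="").startswith("ldaps://"):
        findings.append(("ldap.server", "LDAP enabled without ldaps://"))
    if is_on(cfg.get("backup", "enableLogin", fallback="Off")):
        findings.append(("backup.enableLogin", "?database= switch is enabled"))
    if not is_on(cfg.get("mongo", "useCreds", fallback="false")):
        findings.append(("mongo.useCreds", "MongoDB used without login/password"))
    return findings

# Constructed sample input (not a real deployment's file).
SAMPLE = """\
[crypt]
secret = yUO22I3z6Fgzc1*HMl1eIj5V%dHbi1Fc
[mongo]
connectionString = mongodb://localhost:27017
useCreds = false
[ldap]
enable = On
server = localhost
[backup]
enableLogin = On
"""

if __name__ == "__main__":
    for setting, finding in audit_config(SAMPLE):
        print(f"{setting}: {finding}")
```

The parser is created with interpolation disabled because the secret may legitimately contain a percent sign, as the documented sample does.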