(This is a bit off topic, but I thought it might be helpful to some developers; it deals more with security concepts than PHP per se.)

I may be going out on a limb here, but I doubt you'll find something in the GPL/open source domain. We've built our own and it pretty much does what you've described (used to work for a bank, I did).

If I could help to put you on the right track in terms of design, what you'll need is not just a password system; sounds like you want an authority system, with groups & roles. You really want to design a system that relies on resource "objects" for authentication and authorisation. Also, to complete the security jargon, encryption and non-repudiation (mostly means logging & auditing).

If you want to look at something that W3C is working on, try SAML, the security assertion markup lang... but it's in draft last time I looked, and that deals with authority and authentication. And it's all markup-ish and xml-ish of course ;-) There should be some tools based on SAML out there, I haven't looked, possibly not in PHP though.

Back to building it:

Think of authentication not only as passwords: there's PIN authentication, there's token authentication (one-use tokens or multi-use tokens), and also digital certs, smart cards, RPGs (random password/pin gens ala SafeWord), etc. (i.e., password types).

Then you need to ask, can a user with the right password access this resource? Does he need a password AND a cert? Does this bank account need two authorisers to sign off before you allow the money transfer?

Of course one-way crypt passwords are a must, but that's so simple it's a given.

The above are just some things to think about before you embark on your quest to find the solution :) And it really depends what you want to do and how robust your solution needs to be.

I can give you a few pointers if you want to take the discussion offline and email me.

"Daevid Vincent" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

I'm in search of an 'enterprise level' password storage system.

I have looked at phpMyPass and it looks promising, but the demo doesn't seem to have everything I want.
http://freshmeat.net/releases/127316/
While this one says v2.0
http://www.phpmypass.paniris.com/
Says 1.0 ??

I need it to be multiuser, have different security levels/access, encrypt and decrypt on the fly (phpmypass has all the passwords in the rendered HTML page :-( ), grouping of passwords (i.e. 'internal servers', websites, banks, clients' sites, personal, etc). Ideally it should use mod_auth_mysql for security. The storage should be encrypted so that even root can't see the passwords in the database without the decryption key. Perhaps use a strong crypto algorithm for the important fields, not just the pw.

I'd like to store: common name, url, username, pw, notes, incept date, last mod date at least.

I could build this myself, or I could take phpMyPass and run with it, but I thought I'd see if there were anything else out there before I build this.

http://daevid.com

--
PHP General Mailing List (http://www.php.net/)
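
Added example (not part of the original thread, and not code from either poster): a PHP illustration of the resource-"object" design described in the reply, where each resource states its allowed roles, the authentication types that must all be presented, and how many distinct authorisers must sign off, with every decision logged. The names POLICIES and authorise, the resource names and the sample users are hypothetical, and verification of each factor is assumed to have happened earlier.

```php
<?php
declare(strict_types=1);

// Constructed sample policy (hypothetical names): one entry per resource "object".
// 'factors' must ALL have been verified; 'authorisers' counts distinct users.
const POLICIES = [
    'passwords/internal-servers' => ['roles' => ['sysadmin'], 'factors' => ['password'], 'authorisers' => 1],
    'bank/money-transfer' => ['roles' => ['treasurer'], 'factors' => ['password', 'cert'], 'authorisers' => 2],
];

// $approvals: list of ['user' => string, 'roles' => string[], 'factors' => string[]],
// where 'factors' lists the authentication types already verified for that user.
// Returns [allowed, reason] and appends the decision to $auditLog.
function authorise(string $resource, array $approvals, array &$auditLog): array
{
    $policy = POLICIES[$resource] ?? null;
    $valid = [];
    foreach ($policy === null ? [] : $approvals as $a) {
        $hasRole = array_intersect($policy['roles'], $a['roles']) !== [];
        $hasFactors = array_diff($policy['factors'], $a['factors']) === [];
        if ($hasRole && $hasFactors) {
            $valid[$a['user']] = true; // keyed by user, so one person cannot sign twice
        }
    }
    if ($policy === null) {
        $result = [false, 'unknown resource']; // default deny
    } elseif (count($valid) < $policy['authorisers']) {
        $result = [false, sprintf('%d of %d authorisers', count($valid), $policy['authorisers'])];
    } else {
        $result = [true, 'ok'];
    }
    // Logging every decision, allowed or not, supports auditing and non-repudiation.
    $auditLog[] = ['time' => gmdate('c'), 'resource' => $resource,
        'users' => array_column($approvals, 'user'), 'allowed' => $result[0], 'reason' => $result[1]];
    return $result;
}

// Constructed sample users.
$alice = ['user' => 'alice', 'roles' => ['treasurer'], 'factors' => ['password', 'cert']];
$bob   = ['user' => 'bob',   'roles' => ['treasurer'], 'factors' => ['password']];
$carol = ['user' => 'carol', 'roles' => ['treasurer'], 'factors' => ['password', 'cert']];

$log = [];
$cases = ['alice twice' => [$alice, $alice], 'alice + bob' => [$alice, $bob], 'alice + carol' => [$alice, $carol]];
foreach ($cases as $label => $approvals) {
    [$ok, $why] = authorise('bank/money-transfer', $approvals, $log);
    printf("%-14s %s (%s)\n", $label, $ok ? 'allow' : 'deny', $why);
}
printf("%d audit entries\n", count($log));
```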