Pleasant Password Server

Pleasant Password Server™ is a simple and easy-to-use password management system compatible with KeePass and Password Safe. It provides for secure storage and retrieval of multi-user passwords from a central server database, and administrative control over user access to passwords and other secrets stored.

For more information about Password Server see our website: Pleasant Password Server


Table of Contents


A. Install, Uninstall, or Upgrade
B. Server Configuration
C. Backup, Export, and Import Passwords

D. User Access Basics
E. Access Levels
F. Best Practices

G. Logging
H. SSO Server (Formerly Proxy Server)
I. LDAP & AD
J. User Administration
K. Language settings
L. Additional Features
M. Programmatic Access
N. New Features in Version 7

O. Troubleshooting

X. Common Issues

W. Purchasing Password Server

Y. End User License Agreement
Z. Release Notes

 

Frequently Asked Questions

Where do I download the latest version of Pleasant Password Server?

The latest version of Pleasant Password Server can always be found on our website. 

http://pleasantsolutions.com/PasswordServer/Download.aspx

How do I update to the latest version?

Follow these instructions.

Do I need to back up any settings between versions?

No; all settings are retained between versions, with the exception of changes manually made to configuration files where noted. You should, however, back up your database and connection string in case you need to return to an earlier version.

How do I check my version? 

Server:


KeePass Client
:

  • Go to Help > About KeePass...
  • View the Pleasant Password Server Plugin Version. This is the version number to compare in the version compatibility matrix here.
  • The number near the top of this window is the "vanilla" KeePass version on which the KeePass Client is based.

Are there Video Tutorials?

Our website has videos with step-by-step tutorials for some of the major features of PPS.

http://www.pleasantsolutions.com/Pas...er/Videos.aspx

How does Pleasant Password Server encrypt my passwords? 

With the default installation, your data is encrypted using AES-256 as provided by the SQLite Encryption Extension.

Where is the encryption key stored?

The encryption key is stored with the Connection String in an encrypted Registry key. The actual key can be found at HKLM\SOFTWARE\Pleasant Solutions\PasswordManager\ConnectionString

Since the encryption key is stored in an encrypted registry key, it can only be viewed using the Service Configuration utility.

Where are my passwords stored?

Your passwords are stored in a database. By default, an AES-256 encrypted SQLite database file is used.

However, you can also configure Password Server to use either:

  • Microsoft SQL Server 2008+
  • PostgreSQL 9+

What is the password lifecycle?

There is no assumed password life cycle, as Pleasant Password Server (PPS) simply stores your passwords. An expiry date for passwords can be set, but this serves only as documentation - PPS cannot actually expire passwords for external services because it doesn't control those services.

The Password Expiry Report will show all passwords due to expire as of a specified date, and users with Enterprise or higher licenses can receive email notifications about pending expiries.

When and where are passwords decrypted?

When a password is requested by a client, the server retrieves it from the encrypted database, deobfuscates, and passes it back to the client via secure TLS connection. Passwords are retrieved when requested, they are not actually stored on the end workstation.

What are the active security measures of Password Server?

Any active security measures are implemented at the discretion of the organisation or sysadmin. To start, we recommend hosting on a VM. See Best Practices.

Can private user password lists be kept private from admin?

Yes, using block inheritance users can have private folders. However, any admin that can access the database could theoretically decrypt the database and extract data. We recommend creating a super admin with full access and somewhat limited sub admin accounts that have less privileges and cannot surpass block inheritance set by users. See Access Levels.

What is a strong password?

Just because a password contains multiple character sets (such as uppercase and lowercase alphabet, numbers, and symbol characters) does not make it sufficiently secure. Complexity is less important than length, as password of sufficient length can defeat a password cracker, whereas complexity adds significant value only when the complexity is random or near-random. Review this article for some good tips on creating secure passwords.

https://open.bufferapp.com/creating-...cure-password/

Where is the database stored?

See here.

Can I access my passwords from an external program or a command line script?

Yes, this is possible using our RESTful API. With our API, you can have the same access to your credentials that you would have using either our web client or the KeePass client.

RESTful API

We also have the capability to export audit logs to an external application.

External Audit Logging Configuration

How can I hide the Proxy Server tab or the Client Download in the web client?

  • To hide the proxy server tab from users who are not yet logged in, check the "Hide the Proxy Server tab for users who are not logged in" checkbox in the Settings tab.
  • To hide the proxy server tab for users who are logged in, ensure that the roles to which the users belong are not granted the "Use Proxy Server" permission. The permissions for each role can be viewed and edited in the Users & Roles > Roles tab.
  • To hide the Download Client tab from users who are not yet logged in, check the "Hide the Client Download tab for users who are not logged in" checkbox in the Settings tab.
  • To hide the Download Client tab for users who are logged in, ensure that the roles to which the users belong are not granted the "View KeePass Download Instructions" permission. The permissions for each role can be viewed and edited in the Users & Roles > Roles tab.

Does KeePass for Pleasant Password Server use SSL?

Yes, in actuality it uses TLS.

Can I disable the export feature?

Yes, with the enforced config file feature. Read about Server Enforced Client Settings.

I can't connect using the iOS mobile client

The iOS version of the Password Server mobile client currently does not work with self-signed SSL certificates--this includes the default SSL certificate packaged with Password Server. This is due to iOS security restrictions. We are working on fixing this in a future release.

In order to connect using the iOS client, you must install a third-party certificate.

Refer to the guide on Installing a 3rd Party Certificate.

 

Send us an email: http://pleasantsolutions.com/PasswordServer/Contact

You must login to post a comment.