Jamf Nation Community

donmontalvo · ‎06-16-2014

Tired of typing your JSS password every time you walk away from the computer?

Not wanting to tweak Tomcat timeout, which is fragile and may raise security flags?

If either...please vote up:

"Save Password" option for JSS site ;)
https://jamfnation.jamfsoftware.com/featureRequest.html?id=2322

--
https://donmontalvo.com

Johnny_Kim · ‎06-16-2014

external image link

scottb · ‎06-16-2014

I use the Safari extension (there are others and also some for other browsers) "Repete".
http://pavelkunc.cz/projects/repete/
Works great. No such issues - just set mine to reload my JSS page every 10 mins.
But I would not fight this being added to the JSS.

donmontalvo · ‎06-16-2014

@boettchs Unfortunately we're restricted from using third party solutions, or we'd be using 1Password or LastPass. :)

--
https://donmontalvo.com

bentoms · ‎06-16-2014

@donmontalvo, write your own: http://macmule.com/2014/05/20/how-to-create-a-custom-safari-extension-bar/

scottb · ‎06-16-2014

@donmontalvo: OK, for sure I can see that being an issue and will vote up!

donmontalvo · ‎06-16-2014

@bentoms Same problem, it would have to go through an intense review/approval process...not likely to get approved. :/

--
https://donmontalvo.com

mm2270 · ‎06-16-2014

Interesting. You can't use a simple browser extension, yet they'd be OK with storing JSS credentials so it auto logs in, presumably with full JSS Admin rights? I find that very peculiar.
Personally. I don't think this is a good idea. I think the JSS not storing those creds by default is the more secure way to go. While JAMF can't prevent someone from using something like 1Password, LastPass or even Safari's built in password storage, I don't think they should add that as a feature. Keep in mind that for them to sell their product in some regions of the world, the product goes through some heavy security scrutiny. If it was found this was added, it could take them off the table for consideration, or even cause some orgs to drop their product altogether. For example, I know for a fact that one company nearly didn't go with the Casper Suite because it had the ability to track Application Usage, even though its not on by default. The labor unions in their country took serious issue with the fact that it was even possible to do this with the product.

Anyway, I see this as a security issue myself and would not want it personally. I'm willing to bet others may feel the same way. (yes, even if its only optional)

And BTW, can you not just use Safari's password storage to at least auto fill it? That would prevent needing to type it in at the very least. You can't rip that function out of the browser that I'm aware of.

karthikeyan_mac · ‎06-17-2014

I think it works with iCloud Keychain. When we enable it, we get option to save the username and password in JSS site. If you remove the iCloud Keychain, its stored in Local Items.

Thanks & Regards,
Karthikeyan

donmontalvo · ‎06-17-2014

@mm2270 and @karthikeyan.mac That's good info, I guess if we're locking down Safari settings (using MCX, enforced settings), then having a checkbox in Safari won't be helpful. I guess the real solution is to keep your password on a bright yellow Stickie under your keyboard. :)

--
https://donmontalvo.com

Jamf Nation Community

Feature request: Save Password" option for JSS site ;)