This is part 7 of a multi-part article. Part 1 is available here, part 2 is available here, part 3 is available here, and part 4 is available here. Part 5 is here. Part 6 is available here. Part 1 discusses the importance of complex passwords and also discusses some ways to create them in Linux. Part 2 covers the KeepassX, a program with a very nice graphical user interface. Part 3, takes a look at the gpass program which is a nice graphical user interface for the gnome desktop (will work on others too), part 4 takes a look at the command line pwsafe. Part 5 takes a look at the command line cpm (console password manager). Part 6 takes a look at ked password manager that has both a GTK2 and cli interface.

In part 7, we will take a look at gorilla password manager. Initially, I wasn't going to cover this particular password manager because there wasn't an ebuild available for gentoo / sabayon Linux. However, the installations is very easy and it supports the version 3.x database of the Windows Password Safe by Counterpane Labs. Gorilla is also a cross-platform application, able to be installed and run on Microsoft Windows, Mac OS X, Linux, Solaris, *BSD, Windows Mobile, Pocket PC, Windows CE, and is also available via source code under the gnu gpl.

ABOUT

The Password Gorilla helps you manage your logins. It stores all your user names and passwords, along with login information and other notes, in a securely encrypted file. A single "master password" is used to protect the file. This way, you only need to remember the single master password, instead of the many logins that you use.

If you want to log in to a service or Web site, the Password Gorilla copies your user name and password to the clipboard, so that you can easily paste it into your Web browser or other application. Because the password does not appear on the screen, Password Gorilla is safe to use in the presence of others.

The convenience of Password Gorilla allows you to choose different, non-intuitive passwords for each service. An integrated random password generator can provide one-time passwords, tunable to various services' policies.

Password Gorilla offers a few stand-out features, such as the merging of password databases. This is particularly useful if you have multiple copies of your database (e.g., at home and at work). Occasionally, you can then merge the two databases, collecting the updates you made on either end.

Also, Password Gorilla is an independent alternative to Password Safe. In the unlikely event that development of Password Safe is ever discontinued, you will still be able to use Password Gorilla to access your password database files.

INSTALLATION

Download Password Gorilla as a platform-independent, ready-to-run Starkit (239 kB). The easiest way to do this tutorial is to create a folder on your desktop called gorilla and download Password Gorilla to that folder. You will also download the tclkit below to the same folder.

To run the Password Gorilla Starkit, you need a Tclkit for your platform. Tclkits exist for many operating system, including Windows, Mac OS X, Linux, FreeBSD and others. (Mac OS X note: you need the Wishkit, not the Tclkit.) Follow the link to the "Download" section in the right-hand menu, and then to the "download area." Use any "8.4" version.

Here is the link for x86 linux distributions tclkit version 8.4.17 Make sure you download the tclkit to the gorilla folder (the the same folder you downloaded Password Gorilla too.

Here is the link for the x86-64 linux distributions tclkit version 8.4.17 Make sure you download the tclkit to the gorilla folder (the the same folder you downloaded Password Gorilla too.

After you download both password gorilla and the tclkit to the same folder, we need to extract the tclkit which in a gzip. To extract it, run this from a shell (those of you using gnome or kde desktops can also right click on the file to extract it):

[code]
$ gunzip /path/to/tclkit-linux-*.gz
[/code]

If you downloaded both the password gorilla and tclkit to a folder on your desktop called gorilla, the above command would then be:

[code]
$ gunzip ~/Desktop/gorilla/tclkit-linux-*.gz
[/code]

We also need to rename the extracted file to just tclkit. For example, mine when extracted was tclkit-linux-x86_64. Yours may be different unless you are also using a 64 bit system. So, to rename it, I simply use this command (which should work for the x86 version too)

[code]
$ mv ~/Desktop/gorilla/tclkit-linux-* ~/Desktop/gorilla/tclkit
[/code]

Next we need to assign execute permission to the tclkit after downloading, i.e., chmod +x tclkit*

[code]
$ chmod +x ~/Desktop/gorilla/tclkit
[/code]

Next, the best way to install this would be to allow anyone to run the application (if you want to run it and nobody else, simply execute tclkit gorilla-1.4.kit from a shell or create a desktop icon for it). System wide users requires use to move the folder on your desktop to the /usr/bin, /bin. or the /opt/ directory. This requires root privilege or sudo -- don't forget to change the paths below:

[code]
sudo cp -R ~/Desktop/gorilla /opt/
[/code]

Next, copy and paste the code text between [code] and [/code] into a text file and save it to your desktop temporarily as gorilla.sh. This creates the executable script needed to run gorilla. Don't forget to change the path to reflect where you moved the directory on your system (I used /opt/ in the example above):

[code]

#!/bin/bash
cd /opt/gorilla/
./tclkit gorilla-1.4.kit

[/code]

We need to move the gorilla.sh script to the /bin directory and rename the file to just gorilla. The easiest way to do that is by using either sudo or su. I will use su in my example below:

[code]
$ sudo cp ~/Desktop/gorilla.sh /bin/gorilla
[/code]

Now we make our script executable:

[code]
$ sudo chmod +x /bin/gorilla
[/code]

RUNNING GORILLA

When gorilla is run for the first time, you are presented with a screen to open a database and supply the master password, except I had never ran the program before so these did not exists. Attempting to create a file would error. However, I found that by selecting cancel, the application would load, run, and worked fine.....including additional loading of the application. As far as I can remember, I had not run the application on this machine (yet, there is a possibility that while testing some 12+ different password managers that I may have done just that). However, once it was up and running it was very easy to use and navigate.

The first screen I talked about above: