(v12.0.9412.21359 started 2025-10-09 03:15:37 on VM2)
Password Handling/Management for ApplicGate VPN Clients:
Motivation: - In case of RSP the handling/management of passwords (necessary to access remote systems) is inconveniant. - Therefore ApplicGate implements a central Username/Password store. - On request passwords are downloaded to the VPN Clients. - When shortcuts are used username/password will be inserted automatically or the user can paste username/password to the clipboard.
Password exchange must be agreed between the ApplicGate VPN Server and the ApplicGate VPN Client: VPN Server "reverselogon" entry: add "pwh" to field DestinationIP, e.g. client|mgmt|pwh VPN Client "autologon" entry: add "pwh" to field GatewayIP, e.g. client|mgmt|pwh
In the VPN Client this function ist activated by specification of the parameter "pwh" (ClickOnce parameter or in ApplicGateClient.ini).
Additionally this feature is configured using two keywords: PWH ... for manage and status routing entries: Display Username when listing Routes and activate password handling (load the password list, additional menu items) - Additionally for VPN Clients, when keyword SCST is specified: Display Password and allow copying of Username and Password to clipboard and insertion to shortcuts. - Placeholders in shortcuts: %suser% to insert saved username, %spw% to insert saved password. - Example for Username/Password insertion for shortcuts: -- cmd:putty -pw %spw% -P %port% %suser%@%ip% ... Start ssh using putty -- cmd:psftp -pw %spw% -P %port% %suser%@%ip% ... Start ftp using putty -- share:%sharename% %suser% %spw% ... Map network share: Prompts for name of network share -- pss:filezilla sftp://%suser%:%spw%@%ip%:%port% ... Start ftp using filezilla - Note: When using "cmdb", "cmds", "psb" or "pss" and the username and/or the password is not available: ApplicGate prompts for username and/or password.
PWUPD ... for manage and status routing entries: Allow update of the password list - Username and password are stored in the file PWlist.csv with following fields: -- UID ... main part of UID or full UID. --- For password insertion first a password defined for full UID will be searched. If not found a password defined for main UID will be searched. --- This schema allows usage of a specific username for all destinations within a UID (remote site) and explicite definition for a specific destination. -- Username ... Username or Domain\Username -- Password ... Password -- responsibleEmail ... E-mail address of the user who is responsible for this account (optional) -- Comment ... Any comment (optional) - This file can be modified by an editor or updated via the web interface: - See: Configuration/Password List/Load, Show, Download, New User/Password entry
Note: Currently the passwords are stored unencrypted. In the next version of ApplicGate the passwords will be stored encrypted.
