Equivalent hosts (not domain)


Postby cramz » Thu Oct 01, 2015 9:54 am

On the servers of my LAN I often have the following equivalent FQDNs: myhost, myhost.localservername, myhost.localdomain, myhost.name.org.

As I have many sites on each lan server, and still more seen from outside through my gateway, each time I have a login I have to create numerous records on lastpass, and I have no way, outside of inspecting them manually, to check they are in sync.

To differentiate the hosts on the same domain I can use URL rules.
When I have multiple TLDs like myhost.name.org and myhost.name.com, I can use equivalent domains.
But when I have equivalent FQDNs, I have no way to tell it to lastpass.
I suppose it would be easy to add such a feature, which is close to equivalent domains.

Note: I cannot even say that localservername, localdomain, name.org are equivalent, because I also have some other servers localserverothername.
cramz
 
Posts: 1
Joined: Thu Oct 01, 2015 9:34 am

Re: Equivalent hosts (not domain)

Postby hjb81 » Fri Nov 13, 2015 1:07 pm

I'm after this feature too.
I have a dynamic dns with 2 different hostnames pointing to my public ip, and I'd like to be able to use my lan names for that machine without having to have a separate entry for each.
When I try to add the equivalent domains I'm told they are "too low" and that lastpass already considers *.dnsprovider.com to be equivalent.
Exactly what this means isn't explained, but it's clearly a mistake as anyone could have a computer in that domain.
For example dyndns.com
hjb81
 
Posts: 2
Joined: Thu Feb 19, 2015 7:56 am

Re: Equivalent hosts (not domain)

Postby mike808137 » Mon Nov 30, 2015 1:41 am

This is also a problem with ecommerce sites hosting their carts on an aggregator/processor company's site.

E.G. store1.ezcart.example.com and store2.ezcart.example.com

Totally different sites/stores with *separate* logins.

I have this today with bigcommerce.com and Dorco in particular, if you want a real world example. LP thinks all of these unrelated stores are "equivalent" and the reality is that they are clearly not. Make this happen, LP. It's really pretty trivial to match on the full host or whatever the entry is in the vault equivalents list.
mike808137
 
Posts: 288
Joined: Tue Feb 24, 2015 12:04 pm

Re: Equivalent hosts (not domain)

Postby bcoleman43 » Tue Dec 01, 2015 10:59 am

This problem is my single biggest issue with LP! I have dozens of servers that I log in to frequently and it would be nice to turn on "autologin", but I can't because all of my servers have the same root URL. It would be nice if it matched more than just the root domain, so that you could differentiate between each server. I completely agree with Mike808137.
bcoleman43
 
Posts: 1
Joined: Tue Dec 01, 2015 10:51 am

Re: Equivalent hosts (not domain)

Postby jpenny84 » Tue Dec 01, 2015 12:04 pm

jpenny84
 
Posts: 8979
Joined: Tue Mar 06, 2012 9:10 pm

Re: Equivalent hosts (not domain)

Postby mike808137 » Wed Dec 02, 2015 2:13 am

Yes, Jpenny84, I have. As I noted, all stores on bigcommerce.com using their checkout/shopping cart have the same URLs. The part that's different is the *HOST*.

Just go to Bigcommerce.com and walk through their shopping cart apps to checkout. dorco.com is one, so are http://www.newyorkgourmetcoffee.com/ and http://www.gradyscoldbrew.com/
When you get to the payment portion to actually purchase something, you are handed off to a URL like store-<storeid>.mybigcommerce.com/cart.php or account.php.
Dorco's is: https://store-234ee.mybigcommerce.com/cart.php
Art4Now's is: https://store-cjysos.mybigcommerce.com/account.php

So the URL rules are useless - the URL is always "cart.php" or "account.php" for all of the stores. But each store's customer base (and therefore login and password) are entirely separate, since they are separate companies, after all.

How about instead of offering more alternatives that frankly, don't work, maybe explain what, exactly is the technical or security problem with matching on the user-provided hostname (and not just the top-level domain)? We're smarter than you give us credit for, you know.
mike808137
 
Posts: 288
Joined: Tue Feb 24, 2015 12:04 pm

Re: Equivalent hosts (not domain)

Postby andy148 » Tue Dec 08, 2015 10:27 am

I think jpenny84 is right, so maybe you're not setting the URL rule up correctly?

If you enter 'mybigcommerce.com' as a new URL rule and set 'Exact Host Match' = yes (that's the important bit), then passwords will only be offered if they match the fully qualified domain name - passwords for store234ee.mybigcommerce.com will not be shown on store-cjysos.mybigcommerce.com.
andy148
 
Posts: 2
Joined: Mon Mar 31, 2014 5:29 am

Re: Equivalent hosts (not domain)

Postby danafrost572 » Thu Sep 19, 2019 2:03 pm

This is a feature I too have been waiting on. Yes, you can use URL rules to treat multiple hosts separately but in my case (and I suspect many others) what is needed is to treat multiple hosts as "the same login". And, yes, I know very well this is not a good idea in general. In other words, to be secure you want all the "sites" you visit to have unique secure passwords (kind of the point of LastPass) but in many cases, you don't have a choice.

For example, at work we use a large number of web servers and we always login using the same LDAP name/pass. But, even if I use URL rules I need to keep a separate password entry for each landing page so that LastPass fills them in. And they are all on the same "domain" so domain rules do not apply.

As a small example we have a bug tracking system "jira.mycompany.com" and wiki "wiki.mycompany.com". These will always use the same name/password so to me they are an equivalent account. Since the account used is exactly the same it makes sense to only store the name/pass info in one lastpass record.

This is a pain for a number of reasons:

- When my company password expires LastPass has to update all those sites. (takes review and adds risk).
- Managing numerous password entries all for a single account in LastPass.
- My security score is bad because LastPass sees this as using "same password" for multiple sites. It's all one "site" "mycompany.com". It's just multiple tools using same LDAP account.

I have tried fixing this using URL rules etc. But it just does not work the way it should. Simply letting users define multiple "URLs" to use the same password entry would be a great improvement.
danafrost572
 
Posts: 6
Joined: Sun Jun 01, 2014 12:49 pm

Re: Equivalent hosts (not domain)

Postby klishb881 » Thu Feb 13, 2020 1:22 pm

I just went through this and got it working to my liking. By default LastPass will match on domain. In the example above, if you do nothing and rely on the default behavior, "jira.mycompany.com" and wiki "wiki.mycompany.com" will be treated as the same credential.

If you then have a host in that domain that doesn't share that credential then you can create a host matching URL rule for say "differentcred.mycompany.com". Then LastPass will allow you to store a different credential for that one host that has a different credential within that domain.

Originally I had a host matching rule for all of "mycompany.com" to accommodate the fact that some hosts within that domain had a different credential (although most hosts used the same credential). The result was I had to store the same credential multiple times. I deleted the "mycompany.com" host matching rule and then created host matching rules for each host that I did want a unique credential for and now it works great.
klishb881
 
Posts: 1
Joined: Mon Jan 20, 2020 12:31 pm
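
The matching behaviour discussed in andy148's and klishb881's posts, as an added example that is not from any poster or from LastPass: a simplified model of default base-domain matching versus an exact-host rule, showing which vault entries get offered on which page. The function names, the vault contents and the naive two-label `baseDomain()` are assumptions made for illustration; real password managers use the Public Suffix List.

```javascript
// Simplified model only, not LastPass code.
// Assumption: the base domain is the last two labels of the host.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// hostRules: Set of hosts or base domains with exact host matching enabled
// (the "Exact Host Match = yes" URL rule mentioned in the thread).
function requiresExactHost(host, hostRules) {
  const h = host.toLowerCase();
  return hostRules.has(h) || hostRules.has(baseDomain(h));
}

// Returns the names of the vault entries that would be offered on pageUrl.
function candidates(pageUrl, vault, hostRules) {
  const pageHost = new URL(pageUrl).hostname;
  return vault
    .filter((entry) => {
      const entryHost = new URL(entry.url).hostname;
      if (baseDomain(entryHost) !== baseDomain(pageHost)) return false;
      // A rule on either side narrows the match to the full host name.
      if (requiresExactHost(pageHost, hostRules) ||
          requiresExactHost(entryHost, hostRules)) {
        return entryHost === pageHost;
      }
      return true; // default: sharing the base domain is enough
    })
    .map((entry) => entry.name);
}

// Constructed vault using the host names quoted in the thread.
const vault = [
  { name: 'Dorco', url: 'https://store-234ee.mybigcommerce.com/cart.php' },
  { name: 'Art4Now', url: 'https://store-cjysos.mybigcommerce.com/account.php' },
  { name: 'LDAP', url: 'https://jira.mycompany.com/' },
  { name: 'differentcred', url: 'https://differentcred.mycompany.com/' },
];

const noRules = new Set();
// One rule for the shared store domain, one for the single odd host.
const perHostRules = new Set(['mybigcommerce.com', 'differentcred.mycompany.com']);
// The earlier setup from the last post: a rule on the whole company domain.
const wholeDomainRule = new Set(['mycompany.com']);

const dorcoCart = 'https://store-234ee.mybigcommerce.com/cart.php';
console.log(candidates(dorcoCart, vault, noRules));      // both stores offered
console.log(candidates(dorcoCart, vault, perHostRules)); // only the Dorco entry
console.log(candidates('https://wiki.mycompany.com/', vault, perHostRules));
console.log(candidates('https://wiki.mycompany.com/', vault, wholeDomainRule));
```

With the whole-domain rule the shared LDAP entry stops being offered on `wiki.mycompany.com`, which is why that setup forces one stored copy per host.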

