= Adding admin users =

= Disabling admin users =

 1. Disable local password on all hosts (sudo usermod -L USER_admin)
 1. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
 1. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
 1. Remove from /etc/sudoers on all hosts (sudo visudo)
 1. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
 1. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
 1. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
 1. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)