AdminUserSetup42012-09-06 07:12:15ClintonEbadipointlessly split content alert32009-08-19 13:57:0178.134.196.178-dsl.net.metronet.hr22009-08-19 13:28:4478.134.196.178-dsl.net.metronet.hr12009-08-13 21:22:4278.134.195.65-dsl.net.metronet.hrMerge with AddingNewAdmins Disabling admin usersDisable local password on all hosts (sudo usermod -L USER_admin) Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin) Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines) Remove from /etc/sudoers on all hosts (sudo visudo) Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin") Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon") Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear) Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin) Changing system passwordsOn all hosts: sudo usermod -p '$1$...md5hash' root ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw) ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin' CategorySystemAdministration CategoryNeedsWork