welcome: please sign in

Please enter your password of your account at the remote wiki below.
/!\ You should trust both wikis because the password could be read by the particular administrators.

Clear message


Merge with AddingNewAdmins

1. Adding admin users

2. Disabling admin users

  1. Disable local password on all hosts (sudo usermod -L USER_admin)
  2. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
  3. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
  4. Remove from /etc/sudoers on all hosts (sudo visudo)
  5. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
  6. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
  7. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
  8. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

3. Changing system passwords

  1. On all hosts: sudo usermod -p '$1$...md5hash' root
  2. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)

  3. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'

CategorySystemAdministration CategoryNeedsWork