|
⇤ ← Revision 1 as of 2009-08-13 21:22:42
Size: 761
Comment:
|
Size: 793
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 9: | Line 9: |
| 1. Randomize Kerberos password (on Deleuze: kadmin.local -p YOU_admin -q "cpw -randkey USER_admin") 1. Randomize user.daemon Kerberos password (on Deleuze: kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon") |
1. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin") 1. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon") |
| Line 12: | Line 12: |
| 1. Remove from BOS superuser list (bos removeuser deleuze USER_admin) | 1. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin) |
1. Adding admin users
2. Disabling admin users
- Disable local password on all hosts (sudo usermod -L USER_admin)
- Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
- Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
- Remove from /etc/sudoers on all hosts (sudo visudo)
- Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
- Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
- Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
- Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)