welcome: please sign in

Diff for "AdminUserSetup"

Differences between revisions 1 and 2
Revision 1 as of 2009-08-13 21:22:42
Size: 761
Editor: 78
Comment:
Revision 2 as of 2009-08-19 13:28:44
Size: 793
Editor: 78
Comment:
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
 1. Randomize Kerberos password (on Deleuze: kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
 1. Randomize user.daemon Kerberos password (on Deleuze: kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
 1. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
 1. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
Line 12: Line 12:
 1. Remove from BOS superuser list (bos removeuser deleuze USER_admin)  1. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

1. Adding admin users

2. Disabling admin users

  1. Disable local password on all hosts (sudo usermod -L USER_admin)
  2. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
  3. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
  4. Remove from /etc/sudoers on all hosts (sudo visudo)
  5. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
  6. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
  7. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
  8. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

AdminUserSetup (last edited 2012-09-06 07:12:15 by ClintonEbadi)