welcome: please sign in

Diff for "AdminUserSetup"

Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2009-08-13 21:22:42
Size: 761
Editor: 78
Comment:
Revision 3 as of 2009-08-19 13:57:01
Size: 1167
Editor: 78
Comment:
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
 1. Randomize Kerberos password (on Deleuze: kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
 1. Randomize user.daemon Kerberos password (on Deleuze: kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")		  1. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
 1. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
Line 12: Line 12:
 1. Remove from BOS superuser list (bos removeuser deleuze USER_admin)  1. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

= Changing system passwords =

 1. On all hosts: sudo usermod -p '$1$...md5hash' root
 1. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)
 1. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'

1. Adding admin users

2. Disabling admin users

  1. Disable local password on all hosts (sudo usermod -L USER_admin)
  2. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
  3. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
  4. Remove from /etc/sudoers on all hosts (sudo visudo)
  5. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
  6. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
  7. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
  8. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

3. Changing system passwords

  1. On all hosts: sudo usermod -p '$1$...md5hash' root

  2. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)

  3. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'

AdminUserSetup (last edited 2012-09-06 07:12:15 by ClintonEbadi)