Differences between revisions 2 and 3

1. Adding admin users

2. Disabling admin users

Disable local password on all hosts (sudo usermod -L USER_admin)
Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
Remove from /etc/sudoers on all hosts (sudo visudo)
Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

On all hosts: sudo usermod -p '$1$...md5hash' root
ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)
ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'

-  ⇤ ← Revision 2 as of 2009-08-19 13:28:44 → 
  Size: 793
  Editor: 78
  Comment:
+   ← Revision 3 as of 2009-08-19 13:57:01 → ⇥
  Size: 1167
  Editor: 78
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 13:
+= Changing system passwords =

 1. On all hosts: sudo usermod -p '$1$...md5hash' root
 1. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)
 1. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'