Fundraising/techops/procedures/services-kerberos user management

From Wikitech

Users: Kerberos User Management

To create a new user

Use kadmin.local as root

  sudo su -
  kadmin.local

Show existing users

  list_principals

Add the user, with a username matching the entry in (frack) puppet/hieradata/user/users.yaml

  • for administrative users:
  addprinc -policy admin jgreen/admin
  {enter a temp password}
  • for non-administrative users:
  addprinc -policy user jgreen
  {enter a temp password}

Set the new password to expire after the first use

  • for administrative users:
  modify_principal +needchange jgreen/admin
  • for non-administrative users:
  modify_principal +needchange jgreen

Provide the user with their temporary password and tell them to change it via the 'passwd' command on any frack host.

To change a password for an existing user

  cpw jgreen
  modify_principal +needchange jgreen
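
A check that can be run after either procedure above, to confirm the principal has the policy its name calls for and that +needchange took effect. This is an added example, not part of the original page or the frack tooling: the function names are hypothetical, the sample output is constructed, and it assumes the "Attributes:" and "Policy:" lines as printed by MIT kadmin's getprinc.

```shell
#!/bin/sh
# Added example: audit a principal after addprinc/cpw + modify_principal.
# Feed it getprinc output on stdin, e.g.
#   kadmin.local -q "getprinc jgreen" | check_principal jgreen

# Policy expected by the page's convention: */admin -> admin, else user.
expected_policy() {
    case "$1" in
        */admin|*/admin@*) echo admin ;;
        *)                 echo user ;;
    esac
}

# check_principal NAME: returns 0 only if the policy matches the naming
# convention and the REQUIRES_PWCHANGE attribute (+needchange) is set.
check_principal() {
    name=$1
    want=$(expected_policy "$name")
    out=$(cat)
    policy=$(printf '%s\n' "$out" | sed -n 's/^Policy: *//p')
    attrs=$(printf '%s\n' "$out" | sed -n 's/^Attributes: *//p')
    rc=0
    if [ "$policy" != "$want" ]; then
        echo "$name: policy is '${policy:-missing}', expected '$want'" >&2
        rc=1
    fi
    case " $attrs " in
        *" REQUIRES_PWCHANGE "*) ;;
        *) echo "$name: +needchange is not set" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed getprinc-style output (not captured from a real KDC).
# Usage: sample NAME POLICY ATTRIBUTES
sample() {
    printf 'Principal: %s@EXAMPLE.ORG\nNumber of keys: 2\n' "$1"
    printf 'Attributes: %s\nPolicy: %s\n' "$3" "$2"
}

# Demo on constructed data: one correct principal, one admin principal
# that was created with the wrong policy and without +needchange.
sample jgreen user "REQUIRES_PRE_AUTH REQUIRES_PWCHANGE" \
    | check_principal jgreen && echo "jgreen: ok"
sample jgreen/admin user "" \
    | check_principal jgreen/admin || echo "jgreen/admin: needs fixing"
```

Once the user has changed the temporary password, REQUIRES_PWCHANGE is cleared, so the attribute check is only meaningful between the reset and the user's first password change.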