Jump to content

Fundraising/techops/procedures/services-kerberos user management

From Wikitech

Users: Kerberos User Management

To create a new user

Use kadmin.local as root

  sudo su -
  kadmin.local

Show existing users

  list_principals

Add user with username matching (frack) puppet/hieradata/user/users.yaml

  • for administrative users:
  addprinc -policy admin jgreen/admin
  {enter a temp password}
  • for non-administrative users:
  addprinc -policy user jgreen
  {enter a temp password}

Set the new password to expire after the first use

  • for administrative users:
  modify_principal +needchange jgreen/admin
  • for non-administrative users:
  modify_principal +needchange jgreen

Provide the user with their temporary password and tell them to change it via 'passwd' command on any frack host

To change a password for an existing user

  cpw jgreen
  modify_principal +needchange jgreen