[Systems] Shell account request procedure

Bernie Innocenti bernie at codewiz.org
Tue Feb 9 12:56:28 EST 2010

Previous message: [Systems] Shell account request procedure
Next message: [Systems] Sugar Planet syndication instructions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2010-02-09 at 14:14 +0100, Sascha Silbe wrote:
> On Tue, Feb 09, 2010 at 01:18:56AM -0300, Bernie Innocenti wrote:
> 
> >    http://wiki.sugarlabs.org/go/Sysadmin/Shell_account_request
> Who gets mails sent do sysadmin@?

It was only me and dogi. I've added you too.

How do we share the burden of creating users and other administrative
procedures? I've already automated everything that could possibly be
scripted, but it still takes a lot of time to process all those
requests.

Any help would be appreciated.

> After account creation we should reply with a PGP/MIME signed email 
> containing the host keys of all SugarLabs hosts (or at least the ones 
> the account will have access to). We should also replicate that list as 
> /etc/ssh/ssh_known_hosts on all our hosts.

We're already using Monkeysphere for this: http://web.monkeysphere.info/

Care to sign sunjammer's key, please?

 http://pgp.surfnet.nl:11371/pks/lookup?op=vindex&fingerprint=on&search=0xD71DB6F4

> BTW: Can we (in a few weeks that is, not now) set up a slave LDAP (or 
> copy an export in shadow database format if that's possible) on bender 
> and manage bender / build slave accounts centrally (group membership, 
> some fancy LDAP stuff)? Home directories can be created on first login 
> by pam_mkhomedir. Not sure yet how to transfer ssh keys, though.

As a matter of fact, I've already setup a slave ldap on bender some time
ago. It was working, and the relevant configuration should still be
there. Only, I was using slurpd, which is now obsoleted.

I lack the time to do this work now, but if you'd like to do it, please
go on.

Another pending project would be moving the master ldap server to
lightwave (our master dns server) and make sunjammer yet another slave.

> PS: We should do some PGP key signing on next SugarCamp. I forgot to do 
> it at the Paris one. :(

Indeed. I'll invite my new colleagues here to sign it too.

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/

Previous message: [Systems] Shell account request procedure
Next message: [Systems] Sugar Planet syndication instructions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list