Revision history for SingleSignOn
Additions:
<<{{color c="red" text="THIS PAGE IS DEPRECATED"}}
Please visit the current page [[SingleSignOn(FreeIPA)|here]].<<::c::
Deletions:
Additions:
<<{{color c="red" text="DEPRECATED"}} Please visit the current page [[SingleSignOn(FreeIPA)|here]].<<::c::
Deletions:
Additions:
<<{{color c=red text="DEPRECATED"}} Please visit the current page [[SingleSignOn(FreeIPA)|here]].<<::c::
Additions:
~- [[AdminEmail E-mail Management]]
~- [[CommonWorkstationIssues Common Issues]]>>
Deletions:
Additions:
>>===See Also===
~- [[AdminEmail E-mail Management]]>>
Additions:
kadmin.local -q 'cpw -pw [password] [username]'
Deletions:
Additions:
[[https://help.ubuntu.com/community/SingleSignOn Ubuntu Guide to SingleSignOn]]
Additions:
Hook LDAP into other services (wiki, mantis).
[[http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html Shared Address Book]]
Deletions:
Additions:
To make any changes to ldap or kerberos, first get a ticket (either as ldapadmin or as a member in the ldap group tech) if needed:
Deletions:
Additions:
To make any changes to ldap or kerberos, first get a ticket (either as ldapadmin or as a member in the ldap group tech).
This will add principal pedro with password of pedro to kerberos and needchange password flag set, as well as adding user pedro to ldap with group of users (gid 10100) and creating their home with contents from /etc/ldapscripts/skel.
To reset his password, in case he cannot login:
kadmin.local -q 'cpw -pw password pedro'
Then, finally, force the user to change their password on next login:
kadmin.local -q 'modprinc +needchange pedro'
The above query commands of cpw and modprinc can also be executed within kadmin.local.
Deletions:
Launch the local kadmin:
kadmin.local
Set the password:
cpw pedro
Then, finally, force the user to set their password on next login:
modprinc +needchange pedro
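Review bot: The reset command added in this revision puts the password on the command line (`kadmin.local -q 'cpw -pw password pedro'`), so it is recorded in the admin's shell history and is visible in the process list while the command runs; the deleted steps ran `cpw pedro` inside `kadmin.local`, which prompts for the password instead. Consider keeping the prompted form for the password step and using `-q` only for `modprinc +needchange pedro`. The added description also says the principal is created with a password equal to the username (pedro), which leaves the account guessable until the first login, since `+needchange` only takes effect once someone logs in; a per-user temporary value would be safer.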
Additions:
===Creating New Users===
To create new users, they must be added to LDAP, have their password set in Kerberos, be added to the necessary groups, and ideally be forced to change their passwords on login. We'll start by adding pedro:
Add the user to LDAP with the standard users group:
%%(language-ref)
ldapadduser pedro users
%%
Since he's a research intern, let's give him access to the research drive:
%%(language-ref)
ldapaddusertogroup pedro research
%%
Now, let's set his password. First, we need to authenticate to kerberos as ourselves:
%%(language-ref)
kinit mike
%%
Launch the local kadmin:
%%(language-ref)
kadmin.local
%%
Set the password:
%%(language-ref)
cpw pedro
%%
Then, finally, force the user to set their password on next login:
%%(language-ref)
modprinc +needchange pedro
%%
Now the user should be setup with full access to the research drive and be forced to change their password on first login.
===Misc. commands===
Deletions:
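Review bot: The step "First, we need to authenticate to kerberos as ourselves" followed by `kinit mike` reads as if the ticket is what authorizes `kadmin.local`, but `kadmin.local` works directly on the KDC database without Kerberos authentication and needs local access to that database on the KDC (normally root). State where these commands must be run and with what privileges, and move `kinit` to the step that actually needs a ticket, if any. It would also help to say that `cpw pedro` and `modprinc +needchange pedro` are typed at the `kadmin.local` prompt, not at the shell.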
Additions:
ktutil (keytab utility)
kdb5_util (kerberos database utility)
Deletions:
Additions:
kinit - Use me to authenticate.