AFS Account Name
|
ACL-group
|
NIS-Group
|
Uid
|
Gid
|
Comments
|
laci
|
laci:owner-laci
g-laci
|
xr
lcls
|
8412
|
1096(xr)
2292(lcls)
|
This
password-less account is used for starting and stopping lcls control
system
processes.
|
Who should be added to this shared account?
LCLS Software developers will find it
necessary to have access to the laci account. If you are need access to
the laci account, please send email to
Dayle
Kotturi or
Stephanie
Allison.
Generating a
"public rsa key"
Log into your account and issue the following
command. Responds to all prompts with a return.
ssh-keygen -t rsa1
Generating public/private rsa key pair.
Enter file in which to save the key (/u/cd/zelazny/.ssh/identity.pub):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /u/cd/zelazny/.ssh/identity.pub.
Your public key has been saved in /u/cd/zelazny/.ssh/identity.pub.
Adding a user
to a shared account
The owner of the
shared account must perform this operation. Please
noet that the authorized_keys file will work only if it is owned by
shared account.
1. Add user public rsa key to the shared
AFS account authorized keys
cat ~<user_name>/.ssh/identity.pub >> ~<shared account
name>/.ssh/authorized_keys
2. Add the user to the ACL group as follows:
pts adduser -user <user
name> -group <ACL-group name>
3. If the user will need to run cron
jobs under the shared AFS account and wants to receive email regarding
problems with these jobs, edit the file
~<AFS account name>/.forward and
add the users to the email list.
Removing a
users from a shared account
The owner of the
shared account must perform this operation. Please
noet that the authorized_keys file will work only if it is owned by
shared account.
1. Remove user public rsa key to the
shared AFS account authorized keys
cd ~<user_name>/.ssh/identity.pub
pts adduser -user <user
name> -group <ACL-group name>
cp authorized_keys
authorized_keys.old
cp authorized_keys temp
edit temp to remove the user's
ssh key
cat temp >authorized_keys
rm temp
2. Remove the user to the ACL group as follows:
pts removeuser -user <user
name> -group <ACL-group name>
3. Chek the file
~<AFS account name>/.forward and
remove the user from this file if it appears.
Listing the
owner of the AFS shared account
$ ypmatch <AFS
account name> passwd
Listing the members of the shared account