Escrow
Escrow is the shared password safe used to store common credentials securely.
To add a new user to the escrow "clique" or group for IEPM:
- The new user should create a new key for him/herself with the PGP key generation command:
pgp -kg
When prompted, use a key strength of 1024 bits and use the suggested key name format Firstname Lastname <username@slac.stanford.edu>.
- The new user should export his/her PGP key for use with escrow:
escrow setupuser
This will export the user's public PGP key into a separate file which can then be imported into escrow.
- An existing escrow user should add the user's key to the clique's keyring:
escrow adduser -c iepm ~<newuser>/.escrow/publickey
e.g. escrow adduser -c iepm ~jaredg/.escrow/publickey
The program will repeatedly prompt for confirmation that the key is trusted. It will also prompt you for the existing user's PGP passphrase.
- An existing escrow user should add the user's key to the iepmacct list of secrets:
escrow adduser -c iepm iepmacct <username>
e.g. escrow adduser -c iepm iepmacct jaredg
The program will prompt for the existing user's PGP passphrase.
- Add the new user to the AFS group cottrell:iepm (the example below uses the username kalim):
pts adduser -user kalim -group cottrell:iepm