Escrow
Escrow is the shared password safe used to keep common credentials in a secure way.
To add a new user to the escrow "clique" or group for IEPM:
- The new user should create a new key for him/herself with the PGP key generation command (see "How to Get PGP Key"). When prompted, use a key strength of 1024 bits and use the suggested key name format `Firstname Lastname <username@slac.stanford.edu>`.
- The new user should export his/her PGP key for use with escrow:

  ```
  escrow setupuser
  ```

  This will export the user's public PGP key into a separate file which can then be imported into escrow.
- An existing escrow user should add the user's key to the clique's keyring:

  ```
  escrow adduser -c iepm ~<newuser>/.escrow/publickey
  ```

  e.g. `escrow adduser -c iepm ~jaredg/.escrow/publickey`

  The program will repeatedly prompt for confirmation that the key is trusted. It will also prompt you for the existing user's PGP passphrase.
- An existing escrow user should add the user's key to the iepmacct list of secrets:

  ```
  escrow adduser -c iepm iepmacct <username>
  ```

  e.g. `escrow adduser -c iepm iepmacct jaredg`

  The program will prompt for the existing user's PGP passphrase.
- Add user to the AFS group cottrell:iepm:

  ```
  pts adduser -user kalim -group cottrell:iepm
  ```
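A pre-flight helper for the existing-user steps above, as an added example that is not part of escrow or of the original page: it checks the new user's name and exported key file before printing the three commands to run. The function names, the username pattern and passing the home directory as an argument are assumptions; on AFS, directory ACLs rather than Unix ownership decide who can write the file, so the ownership test is only a sanity check.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not part of the escrow tool.
LC_ALL=C; export LC_ALL   # keep the a-z range in the pattern below ASCII-only

valid_username() {
    # Assumed policy: lowercase letters, digits, '_' and '-', not starting
    # with '-'. Rejects anything that could change the path or look like an option.
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

pubkey_ok() {
    # $1 = exported key file, $2 = expected owner (name or numeric uid).
    # Passes only for a regular file (symlinks are rejected) owned by $2.
    [ -n "$(find "$1" -prune -type f -user "$2" -print 2>/dev/null)" ]
}

escrow_onboard_plan() {
    # $1 = new user, $2 = that user's home directory.
    # Prints the commands from the procedure without running them, so the
    # existing user can review them; returns non-zero if a check fails.
    user=$1
    home=$2
    valid_username "$user" || { echo "refusing username: $user" >&2; return 2; }
    key="$home/.escrow/publickey"
    pubkey_ok "$key" "$user" || { echo "key file check failed: $key" >&2; return 3; }
    printf '%s\n' \
        "escrow adduser -c iepm $key" \
        "escrow adduser -c iepm iepmacct $user" \
        "pts adduser -user $user -group cottrell:iepm"
}
```

The checks do not replace confirming the key with the new user when escrow prompts for trust.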