...
Escrow is the shared password safe used to store common credentials securely. Its main use here is to let you look up the password for the pinger account, which is needed for setting up cron jobs under the pinger account.
To add a new user to the escrow "clique" or group for IEPM:
1. The new user should create a new PGP key for themselves with the PGP key generation command (see "How to Get PGP Key"):

   ```
   pgp -kg
   ```

   When prompted, use a key strength of 1024 bits and use the suggested key name format:

   ```
   Firstname Lastname <username@slac.stanford.edu>
   ```

2. The new user should export their PGP key for use with escrow:

   ```
   escrow setupuser
   ```

   This exports the user's public PGP key into a separate file, which can then be imported into escrow.

3. An existing escrow user should add the new user's key to the clique's keyring:

   ```
   escrow adduser -c iepm ~<newuser>/.escrow/publickey
   ```

   e.g.

   ```
   escrow adduser -c iepm ~jaredg/.escrow/publickey
   ```

   The program will repeatedly prompt for confirmation that the key is trusted. It will also prompt for the existing user's PGP passphrase.

4. Note: step 4 MUST come after step 3. An existing escrow user should add the new user's key to the iepmacct list of secrets:

   ```
   escrow adduser -c iepm iepmacct <username>
   ```

   e.g.

   ```
   escrow adduser -c iepm iepmacct jaredg
   ```

   The program will prompt for the existing user's PGP passphrase.

5. Add the user to the AFS group cottrell:iepm:

   ```
   pts adduser -user kalim -group cottrell:iepm
   ```
To add a new user to "netdev" (Networking escrow clique):
```
escrow adduser -c netdev ~<newuser>/.escrow/publickey
```

Step 4:

```
escrow adduser -c netdev <escrow file name> <username>
```
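The ordering rule above (step 3 before step 4), covering both the iepm and netdev variants, as an added shell example that is not part of the original page or of the escrow tool: it checks its inputs and only prints the two `escrow adduser` commands in the required order. The function names and the key-file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the escrow tool's own code): build the ordered command
# plan an existing escrow user follows to onboard a new clique member.
# Nothing is executed; review the printed plan, then run each line by hand.

# valid_name: accept only conservative clique/secret/account names so a typo
# or hostile value cannot become an option, a path, or an extra argument.
valid_name() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_onboarding CLIQUE SECRET USER KEYFILE
#   CLIQUE   e.g. iepm or netdev
#   SECRET   escrow file name, e.g. iepmacct
#   USER     account name of the new member
#   KEYFILE  path of the key exported in step 2 (~USER/.escrow/publickey)
plan_onboarding() {
    clique=$1 secret=$2 user=$3 key=$4
    for v in "$clique" "$secret" "$user"; do
        valid_name "$v" || { echo "invalid name: $v" >&2; return 2; }
    done
    # Refuse key paths with whitespace or shell metacharacters.
    case "$key" in
        ''|-*|*[!A-Za-z0-9_./-]*) echo "unsafe key path" >&2; return 2 ;;
    esac
    # Steps 1-2 belong to the new user; step 3 needs the exported key file.
    [ -s "$key" ] || { echo "missing $key: run 'escrow setupuser' first" >&2; return 3; }
    # Step 3 first (key onto the clique keyring), then step 4 (grant the secret).
    printf 'escrow adduser -c %s %s\n' "$clique" "$key"
    printf 'escrow adduser -c %s %s %s\n' "$clique" "$secret" "$user"
}
```

Call it as `plan_onboarding iepm iepmacct jaredg ~jaredg/.escrow/publickey` so the shell expands the home directory before the file check.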