If you have root privileges, you can add or remove people from
editing the group in LDAP:
    $ kinit you/admin
    you/admin@OCF.BERKELEY.EDU's Password:
    $ ldapvi cn=ocfstaff
Then add or remove the appropriate
Before giving anyone root privileges, make sure to obtain authorization from the SM.
Adding or removing people from
ocfroot is similar to modifying
ocfstaff. However, if you are adding someone to root staff, in addition to
modifying LDAP, you will also have to create their
principals (if those don't already exist). For example, to create the
/admin principal, you would do:
    $ kadmin
    kadmin> add otherstaffer/admin
    you/admin@OCF.BERKELEY.EDU's Password:
    Max ticket life [1 day]:
    Max renewable life [1 week]:
    Principal expiration time [never]:
    Password expiration time [never]:
    Attributes :
    Policy [default]:
    otherstaffer/admin@OCF.BERKELEY.EDU's Password:
    Verify password - otherstaffer/admin@OCF.BERKELEY.EDU's Password:
The very first prompt asks for your password. It's safe to
accept the defaults for the next few prompts. The last two prompts should be
filled in by the new root staffer; it will become the password for their
After you've created these principals, you'll need to grant them powers in the Kerberos ACL file in Puppet.
Also add the new root staffer to the Admin team in our GitHub org and grant them RT admin privileges.
In order to gain access to the firewall, it is necessary to email someone from the ASUC Student Union to ask them to fill out the Telecom Shopping Cart on your behalf. Send them an email with the CalNet IDs of the people you want to add to the firewall, and have an existing firewall administrator authorize the request. As of Fall 2017, the Facilities Coordinator has worked to get new people added to the firewall, although it is likely that this process will change in Spring/Fall 2018 when the firewall is changed as part of the bSecure project.