Opened 7 years ago

Last modified 6 weeks ago

#6367 assigned defect

make dedicated sudo passwords

Reported by: weasel Owned by: weasel
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Child Tickets

Change History (8)

comment:1 Changed 4 years ago by nickm

+1 on this. If we aim to get this transition done some time after 1 May, what do you need from sudoers first?

comment:2 Changed 4 years ago by weasel

Primarily we need to let them know to set sudo passwords via the web interface on db.tpo and then hold their hands them during the inevitable mail issues

comment:3 Changed 3 years ago by weasel

Severity: Normal

sudo passwords enabled. for now, the unix password still works.

comment:4 Changed 3 years ago by weasel

Announcement mail: https://lists.torproject.org/pipermail/tor-project/2016-March/000199.html

Plan to disable pam_unix for sudo 2nd week of April.

comment:5 Changed 2 years ago by weasel

Owner: set to tpa
Status: newassigned

comment:6 Changed 2 years ago by weasel

Status: assignednew

comment:7 Changed 6 weeks ago by ln5

The syadmin team meeting in Brussels ([hhttps://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Dedicatedsudopasswords notes]) decided that we stop accepting LDAP passwords for sudo.

Two action items came out:

  • Configure pam on all but the CRM hosts to only accept the sudo passwords
  • Send email to tor-project@ informing about that change.
Last edited 6 weeks ago by ln5 (previous) (diff)

comment:8 Changed 6 weeks ago by ln5

Owner: changed from tpa to weasel
Status: newassigned
Note: See TracTickets for help on using tickets.