Dzahn has uploaded a new change for review. https://gerrit.wikimedia.org/r/116055
Change subject: enhanced comments re UIDs and key verification ...................................................................... enhanced comments re UIDs and key verification enhance the comments in admin.pp that Jeff added after we talked about matching the UID and how we verify keys for admins.pp additions Change-Id: I6c0092185229350061bfaca274cdb8e797576c89 --- M manifests/admins.pp 1 file changed, 22 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/55/116055/1 diff --git a/manifests/admins.pp b/manifests/admins.pp index 80d34a3..5088344 100644 --- a/manifests/admins.pp +++ b/manifests/admins.pp @@ -4,9 +4,28 @@ # TODO: completely rewrite this file -# NOTE: To choose the UID for a new user, try to match what's in ldap -# mutante: it's just easy to find one that is not taken. and it matches -# mutante: so, like root@formey:~# ldaplist -l passwd mah +# NOTE: To choose the UID for a new user please lookup +# the existing UID in (labs) LDAP and use that. +# currently you do this on formey, example: +# +# ldaplist -l passwd someuser +# ... +# uidNumber: 1234 +# +# advantages: no more duplicate UIDs that needed fixing, +# matching UID across production and labs, +# no need to grep|sort for the latest free UID anymore +# almost every user who gets prod. shell already has a +# labs user. if not, ask them nicely to make one first + +# NOTE: SSH keys added to this file always need to be verified. +# acceptable methods of verification include: +# gpg signing, having them pasted on office wiki user pages, +# having them +1 by logged in gerrit users +# unacceptable methods include: +# plain email (senders can't be trusted), +# IRC (definitely if not registered/identified with nickserv) +# RT-only (because it can be emailed) # NOTE: To completely disable an account, you should # 1) set variable $enabled = false -- To view, visit https://gerrit.wikimedia.org/r/116055 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6c0092185229350061bfaca274cdb8e797576c89 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
