Hi Graham,

Yes, the passphrase for SPA is set up with a randomized password. That can be 
changed by involving a deputy. If we find there is a big desire for having the 
password set up as a regular user-set passphrase, we can add that feature. The 
initial rollout has been focused as an SSO fix for departmental accounts in 
bConnected. 

Jeff

On November 13, 2014 at 1:45:53 PM, Graham Patterson ([email protected]) 
wrote:


OK, light dawns, maybe. I do a CalNet passphrase reset on the SPA  
account (as a deputy covering those accounts)? Otherwise I don't see a  
way to get a passphrase set that is tied to the account. For most non-AD  
purposes I would use my own credentials and just inform the system via  
CAS that I want to act as the SPA. That won't work if the SPA is being  
used in AD. And rather negates the point of a service account.  

At the moment I don't foresee a need for it (a pan-application service  
account), but that isn't to say someone else cannot.  

Graham  

On 11/13/14 1:26 PM, Michael J LEEFERS wrote:  
> Graham,  
>  
> From the campus AD point of view it gets treated like any other CalNet 
> Account. When the password gets set by a user it should get synced into MIT 
> KDC and AD, by the standard CalNet sync process.  
>  
> Michael  
>  
> -----Original Message-----  
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Graham 
> Patterson  
> Sent: Thursday, November 13, 2014 1:02 PM  
> To: [email protected]  
> Subject: Re: [Micronet] process ID's  
>  
> Michael,  
>  
> Where would an SPA account in AD get its passphrase from? The CAS system uses 
> the account of the owner/delegate. Would you set a password in AD for an SPA 
> account, and would it stick?  
>  
> I am not sure I would want to do it, but since SPAs can be delegated I am 
> curious about the bounds of this mechanism.  
>  
> Aside - The Box account option looks to be a great department/workgroup tool, 
> though I think the access management is going to be a headache for neophytes. 
>  
>  
> Graham  
>  
> On 11/13/14 9:39 AM, Michael J LEEFERS wrote:  
>> Sergey,  
>>  
>>  
>>  
>> When you say campus\id are you talking about an account in the Campus  
>> Active Directory Domain? If that is what you want then the SPA  
>> account should work since it does get created in the campus AD also.  
>> However if you need a campus AD account that requires a greater level  
>> of control over the user object attributes, then I would recommend you  
>> check with the sys admins in your department to see if they have an  
>> AD OU where they can create a service account for you.  
>>  
>>  
>>  
>> Michael  
>>  
>>  
>>  
>>  
>>  
>> *From:*[email protected]  
>> [mailto:[email protected]] *On Behalf Of  
>> *Sergey Shevtchenko  
>> *Sent:* Thursday, November 13, 2014 9:11 AM  
>> *To:* [email protected]  
>> *Subject:* Re: [Micronet] process ID's  
>>  
>>  
>>  
>> Does anyone know if we can use our shiny new SPA accounts for things  
>> like this? It definitely seems appropriate and would save everyone  
>> from saving CalNet credentials into automatically-run scripts >.<  
>>  
>>  
>> Sergey Shevtchenko  
>>  
>> IT Director  
>>  
>> Goldman School of Public Policy <http://gspp.berkeley.edu>  
>>  
>> University of California, Berkeley  
>>  
>> tel.: (510) 643-0077  
>>  
>>  
>>  
>> On Thu, Nov 13, 2014 at 8:08 AM, Owen J Rubel <[email protected]  
>> <mailto:[email protected]>> wrote:  
>>  
>> I am building processes using CAMPUS\id's which is not optimal as  
>> users can leave and then the process dies with the user.  
>>  
>>  
>>  
>> Is there a way to create a CAMPUS\ID for a process that can access  
>> DB's, servers, etc like a normal user so when we set up a process,  
>> application, etc it can run without fear of being attached to any  
>> ONE person but to a common ID that can be set up for reuse with the  
>> 'system'.  
>>  
>>  
>> *Owen Rubel*  
>>  
>> Software Engineer  
>>  
>> IPIRA/Industry Alliances Office  
>>  
>> *@*:[email protected] <mailto:[email protected]>  
>>  
>> *#*:510.664.7186 <tel:510.664.7186>  
>>  
>>  
>>  
>> * **Website* <http://ipira.berkeley.edu/>* | **Brochure*  
>> <http://ipira.berkeley.edu/sites/default/files/shared/August_2014_brochure.pdf>*
>>  |** **IPIRA  
>> Tech Search*  
>> <http://techtransfer.universityofcalifornia.edu/default.aspx?campus=BK>* |* 
>> *IPIRA  
>> Monthly Newsletter* <http://ow.ly/mnPtb>* | **Twitter*  
>> <https://twitter.com/BerkeleyIPIRA> | *LinkedIn*  
>> <http://www.linkedin.com/groups?gid=4964819&trk=hb_side_g>  
>>  
>> PLEASE NOTE: This message is intended to be read only by the  
>> individual or entity to whom it is addressed, or their designee. If  
>> the reader of this message is not the intended recipient, you are  
>> hereby notified that any copy or distribution of this message, in  
>> any form, is strictly prohibited. If you have received this message  
>> in error, please immediately notify the sender and/or the Industry  
>> Alliances Office by return email and delete or destroy the original  
>> message or any copy of the original message. Thank you for your  
>> cooperation.  
>>  
>>  
>>  
>> -------------------------------------------------------------------------  
>> The following was automatically added to this message by the list  
>> server:  
>>  
>> To learn more about Micronet, including how to subscribe to or  
>> unsubscribe from its mailing list and how to find out about upcoming  
>> meetings, please visit the Micronet Web site:  
>>  
>> http://micronet.berkeley.edu  
>>  
>> Messages you send to this mailing list are public and  
>> world-viewable, and the list's archives can be browsed and searched  
>> on the Internet. This means these messages can be viewed by (among  
>> others) your bosses, prospective employers, and people who have  
>> known you in the past.  
>>  
>>  
>>  
>>  
>>  
>>  
>  
>  
> --  
> Graham Patterson, Systems Administrator  
> Lawrence Hall of Science, UC Berkeley 510-643-2222  
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical 
> puzzles, and the meteorite..." - directions to my office.  
>  
>  


--  
Graham Patterson, Systems Administrator  
Lawrence Hall of Science, UC Berkeley 510-643-2222  
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical  
puzzles, and the meteorite..." - directions to my office.  

