Wiki pages are great but somebody must keep updating
them.
---Zdenek
> -----Original Message-----
> From: LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of Louis Poncet
> Sent: 06 October 2006 11:09
> To: [log in to unmask]
> Subject: Re: [LCG-ROLLOUT] JS failures all over the place
>
> The following statement is now obsolete.
> The pools account must be unlocked.
>
>
> --
> Laird Louis Poncet
> Where: Bat28-R-003 CERN
> CH-1211 Geneve 23
> Mail : [log in to unmask]
> Phone: +41(0)227.674.231
> LAL / IN2P3 / CNRS / CERN
>
>
>
> On Oct 6, 2006, at 11:05 AM, Tomas Kouba wrote:
>
> > Louis Poncet wrote:
> >> A locked account should be accessible by the local root. So when
> >> we created the account we should unlocked them.
> >
> > How does this comply with the following statement? ( http://
> > goc.grid.sinica.edu.tw/gocwiki/ssh_problem_from_WN_to_CE )
> >
> > "Check if pool accounts on CE and WN are enabled for interactive
> > login in /etc/loginusers if such a file is configured in
> /etc/pam.d/
> > sshd, /etc/pam.d/login, /etc/pam.d/system-auth, etc. Note: at the
> > same time the accounts must be locked, i.e. their encrypted
> > password strings
> >
>
> > ^^^^^^^^^^^^^^^^^^^^^^^
> > must be set to invalid values like "!!" (see man pages for
> "passwd -
> > l" or "usermod -L" commands)."
> >
> > --
> > Tomas Kouba
> > Institute of Physics, Academy of sciences of the Czech Republic
>
|