Task #659
create LDAP user to enable monitoring via SSH
100%
Description
Create a new user called "dataone_monitor" that will be the user SSH uses to connect to the monitored nodes. (It will hold the public RSA key somewhere on each file system.)
(Assuming the SSH port is allowed on all machines.)
from epad:
create an account for monitor ssh access to machines being monitored
- set up LDAP user for monitoring service: "dataone_monitor"
- restrict the scripts that can be executed by the account
- set up passwordless keys for access to the account from the monitor machine
  - note: this last bullet item to be performed under task #636
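
One way to implement the "restrict the scripts that can be executed by the account" item, as an added example that is not part of the original task or the project's own configuration: an SSH forced-command wrapper that only runs allowlisted check scripts. The wrapper path, CHECK_DIR and the check names are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the dataone_monitor account.
# Bound to the monitor machine's key in authorized_keys on each node, e.g.
#   command="/usr/local/bin/monitor-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public key> monitor
# The wrapper path and CHECK_DIR are assumptions, not values from the task.
# CHECK_DIR should be root-owned and not writable by dataone_monitor.
LC_ALL=C; export LC_ALL            # byte-wise ranges in the patterns below
CHECK_DIR="${CHECK_DIR:-/usr/local/lib/monitor-checks}"

# resolve_check REQUEST: print the script path for an allowed request.
# Accepts only a bare name: no arguments, no "/" or ".", no metacharacters.
resolve_check() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # empty, or a char outside [a-z0-9_-]
    esac
    [ -f "$CHECK_DIR/$1" ] && [ -x "$CHECK_DIR/$1" ] || return 1
    printf '%s\n' "$CHECK_DIR/$1"
}

# dispatch REQUEST: run the allowed check, or refuse and log the attempt.
dispatch() {
    if script=$(resolve_check "$1"); then
        "$script"
    else
        safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9 _./-' '?')  # no raw bytes in logs
        logger -t monitor-wrapper "rejected request: $safe" 2>/dev/null || true
        echo "request not permitted" >&2
        return 126
    fi
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND.
# With no command (an interactive login attempt) nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    dispatch "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

Because the key is bound to the wrapper, the account's login shell never interprets anything the client sends; the shell only has to be able to start the wrapper.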
History
#1 Updated by Dave Vieglais over 14 years ago
Account is created, though there are some outstanding tasks with respect to shell and LDAP integration. The problem is that the default shell for a new account is /sbin/nologin and the default homedir is /dev/null.
To get around this issue, it is necessary to configure a static value for shell in the target LDAP configuration file, and to pre-create the home dir manually using the uid and gid of the user.
#2 Updated by Dave Vieglais over 14 years ago
Done for host-unm-1, 129.24.0.11, 129.24.0.13.
Sending instructions for other machines.