Install UserAdm
Installing the UserAdm kit involves three steps:
- Downloading UserAdm onto your system
- Confirming that you have a valid Kerberos srvtab file
- Completing local system changes to support the UserAdm toolkit
The steps are described in detail below.
If the UserAdm toolkit is already installed on your system, and you are simply upgrading the level of UserAdm on your system, you may stop after steps 1 and 2; your local customizations will not be affected by installing version 2.4 of the UserAdm kit.
New installations of UserAdm require completion of steps 1, 2, and 3.
1. Downloading UserAdm onto your system
The UserAdm kit has been compiled and pre-packaged for all major computer architectures and placed on the application server.
Obtaining UserAdm from the Application Server
- cd to the package directory:
  cd /usr/local/IT/useradm-2.4
  (The directory name on your system may not be identical. If the version number of the useradm package has changed, the directory name will change accordingly.)
- From inside the UserAdm package directory, run the pkg.install script. You must specify a destination; we recommend /usr/local (which will place the UserAdm tools into /usr/local/uid):
  ./pkg.install /usr/local
2. Confirm that you have a valid Kerberos srvtab file
To increase the security of campus services, the tools in UserAdm 2.4 now use Kerberos authenticated connections when communicating with the BU.EDU servers. To make this type of secure connection, a system must have a Kerberos srvtab file which contains a specially encrypted key used to authenticate your system. Unless your system has a valid Kerberos srvtab file, new, approve and other tools in the UserAdm 2.4 kit will not work.
Because it is used to make secure connections with the campus servers, the Kerberos srvtab must be protected as though it contained a password. First, it must be generated here at the Office of Information Technology. Second, the file permissions on your Kerberos srvtab file must prevent users on your system from seeing the contents of the file:
yoursystem# ls -l /etc/krb-srvtab
-rw-r----- 1 root new 73 Jun 15 1997 /etc/krb-srvtab
Please contact syssupport@bu.edu for assistance if you don't have a valid /etc/krb-srvtab file.
3. Completing local system changes to support the UserAdm toolkit
(Skip this step if you are merely upgrading your UserAdm toolkit.)
Once the package is installed, you must make a few changes to your system:
- Create an account named new. Create the account by editing the /etc/passwd file and adding the following line. This account should have no password, and should have the new program as its shell:
  new::3616:3616:Welcome:/usr/local/uid:/usr/local/uid/new
  Check that the permissions for /etc/passwd are set to 644.
  Make sure the home directory for new is fully protected from misuse (note: /usr/local/uid is the home directory):
- Add new to the /etc/ftpusers file to prevent anyone from ftp-ing into your system as user new.
- For Solaris 2.X systems, set up new so a password isn't required by editing /etc/default/login and changing
  PASSREQ=YES to PASSREQ=NO
- Make sure the home directory for new is owned by the appropriate UID:
  chown new /usr/local/uid
- Create a group named new, and add to this group anyone who is expected to run the approve program.
- Make sure all the files in /usr/local/uid are owned by group new:
  chgrp -R new /usr/local/uid
- Add/edit a crontab entry that will run the deliver program every night, e.g. (see 'man crontab' for information on editing crontab files. For now, note that you must be root and you must use 'crontab -e' to edit the crontab file; also note that for machines set up as clients, this line should remain commented out):
  15 01 * * * /usr/local/uid/deliver
  Delivery may also be started up from a nightly script on your system.
- Customize the UserAdm configuration files for your system.
  - Using /usr/local/uid/config.sample as an example, create the file /usr/local/uid/config and
    - specify the types of users who are authorized to get accounts on your system
    - customize messages displayed by the new program to your users
    For more details, see the Configuration section.
  - Using /usr/local/uid/help.sample as an example, create the file /usr/local/uid/help to provide customized introductory information for people running the new program on your system.
  - Using /usr/local/uid/adduser.sample as an example, create the file /usr/local/uid/adduser to create an account on demand.
- Send mail to sys-support@bu.edu to register yourself as a UserAdm system administrator for your system.
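The permission and ownership settings from steps 2 and 3 can be re-checked after installation with a short audit script. This is an added example, not part of the UserAdm kit: the function names are hypothetical, while the paths, account name and group name are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit the settings from steps 2 and 3 of this page.
# Function names are hypothetical; paths and names are the page's.

# srvtab_ok FILE OWNER GROUP: no access for "other", no group write,
# and the expected owner and group (the page shows -rw-r----- root new).
srvtab_ok() {
    [ -f "$1" ] || return 1
    ls -ld "$1" | awk -v o="$2" -v g="$3" '{
        exit !(substr($1, 8, 3) == "---" && substr($1, 6, 1) == "-" &&
               $3 == o && $4 == g) }'
}

# mode_is FILE MODESTRING: compare the ls mode string, e.g. -rw-r--r-- for 644.
mode_is() { [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]; }

# passwd_entry_ok FILE: "new" exists with the home and shell from step 3.
passwd_entry_ok() {
    awk -F: '$1 == "new" { ok = ($6 == "/usr/local/uid" &&
                                 $7 == "/usr/local/uid/new") }
             END { exit !ok }' "$1"
}

# ftpusers_ok FILE: "new" is listed on a line of its own.
ftpusers_ok() { grep -qx 'new' "$1"; }

# tree_group_ok DIR GROUP: nothing under DIR belongs to another group.
# An unknown group makes find fail, which is reported as a failure.
tree_group_ok() {
    stray=$(find "$1" ! -group "$2" -print 2>/dev/null) || return 1
    [ -z "$stray" ]
}

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; rc=1; fi; }

audit_useradm() {
    rc=0
    report srvtab_ok /etc/krb-srvtab root new
    report mode_is /etc/passwd -rw-r--r--
    report passwd_entry_ok /etc/passwd
    report ftpusers_ok /etc/ftpusers
    report tree_group_ok /usr/local/uid new
    return "$rc"
}

# Run the audit only when asked, e.g.: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_useradm; fi
```

Run it as root so that /etc/krb-srvtab and everything under /usr/local/uid can be read; a non-zero exit status means at least one check failed.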