diff options
1 files changed, 68 insertions, 0 deletions
diff --git a/doc/admin.md b/doc/admin.md
new file mode 100644
index 0000000..1b2a2f7
--- /dev/null
+++ b/doc/admin.md
@@ -0,0 +1,68 @@
+# Account maintainance commands
+## Normal users
+### Create new account
+ 1. Have the following information ready:
+ * Full name
+ * Cellphone number
+ 2. Pick a username:
+ * Start with the initials of the user
+ * Include also second letter of either first name or surname
+ * Add a trailing number if necessary (or better: third letter of first name or surname)
+ * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery!
+ 3. Generate some random passwords and create the account using a good one (pronaouncable but meaningless) of those codes:
+ (user=<username>; gpw && adduser $user && chage -M30 -W14 $user)
+ * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!)
+ * Room number: Primary group within the organisation
+ * Work phone: POTS phone number (optional)
+ * Home phone: Cellphone number
+ * Other: leave this blank for now (do not unclude email hints yet!)
+ 4. Compose an email based on the introEmail skeleton:
+ * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient.
+ * Add <username>@users.kaospilot.no as Cc:.
+ * Add tech@lists.kaospilot.no as Reply-To:.
+ 5. Send a cellphone text message to the new user with the following text:
+ Du har fået ny adgangskode. Den skal ændres inden 14 dage - se websiden https://wiki.kaospilot.no/BrugerKonto og check din mail. Koden er: <adgangskode>
+FIXME: Gør denne rutine semi-automatisk: Valg af adgangskode og udsendelse af sms bør ske automatisk.
+### Attach groups to account
+ 1. Attach the account to relevant organisational groups:
+ (user=<username>; for group in <group1> [<group2> ...]; do adduser $user $group; done)
+### Add/replace additional email addresses to account
+## Extend password lifespan
+When a user has changed password into something personal, the password lifespan is extended to 1 year:
+ (user=<username>; chage -M360 -W30 $user)
+TODO: The above command should ideally never ever be invoked manyally, but automatically through PAM
+## Reset password
+ (user=<username>; gpw && finger $user && passwd $user && chage -M30 -W14 $user)
+== Varsel om udløb af adgangskode ==
+ 1. Læg mærke til logbeskeder om adgangskoder der snart udløber
+ 2. Send en sms med følgende besked:
+ Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://wiki.kaospilot.no/BrugerKonto
+TODO: Omskriv som automatisk syslog-ng plugin eller cron script tilknyttet en sms gateway.
+=== Udløbstid for konti med varighed under 100 dage ===
+(group=<gruppe>; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done)