Most recent update:

SamAdmin Tools for ~sam/.k5login Maintenance

This document describes the use of the existing tools for maintaining the ~sam/.k5login file on various Fermilab nodes of importance. Important notes:

  1. All of these commands must be run from the sam account on one of a very limited number of nodes (currently:,,,; this nodelist may change, but it will probably always be tightly related to the list of nodes running critical sam services such as the samDbServers, samWebServers, and the central-analysis station).
  2. NOTE that the sam/d0/ entry must be listed in the .k5login for the cvsuser@cdcvs account in order for you to be able to run the command from that node.
  3. These utilities are specifically designed for maintainance of the Fermilab .k5login account, for use on site at Fermilab, by Fermilab SAM shifters who need to log in to Fermilab nodes to restart various sam services.

The master k5login file (and the list of 'subscribed' accounts) is maintained in the CD CVS repository, package name "sam_account_files".

The following table summarizes the available commands and what they do.
Command: Overview:
$ samadmin display k5login Echo the contents of the current k5login file to stdout. No changes are made to the CVS repository
$ samadmin modify k5login \
     --add=p1,p2,p3... \
Add/remove the specified principals, commit the changes to the CVS repository, and copy the new k5login file to all subscribed accounts.
$ samadmin display subscribed k5login accounts Echo the list of accounts 'subscribed' to receive updates to the k5login file.
$ samadmin modify subscribed k5login accounts \
     --add=n1,n2,n3... \
Subscribe/unsubscribe the specified accounts so that they will/will not receive updates to the k5login file
$ samadmin push k5login Make no modifications, but push the current k5login file to all subscribed accounts.

For additional information, see the sam admin documentation.