[Micronet] process ID's

11 messages

[Micronet] process ID's

orubel
I am building processes using CAMPUS\id's, which is not optimal as users can leave and then the process dies with the user.

Is there a way to create a CAMPUS\ID for a process that can access DB's, servers, etc. like a normal user, so when we set up a process, application, etc. it can run without fear of being attached to any ONE person but to a common ID that can be set up for reuse with the 'system'?

Owen Rubel
Software Engineer
IPIRA/Industry Alliances Office
#:510.664.7186

 Website | Brochure | IPIRA Tech Search | IPIRA Monthly Newsletter | Twitter | LinkedIn

PLEASE NOTE:  This message is intended to be read only by the individual or entity to whom it is addressed, or their designee.  If the reader of this message is not the intended recipient, you are hereby notified that any copy or distribution of this message, in any form, is strictly prohibited.  If you have received this message in error, please immediately notify the sender and/or the Industry Alliances Office by return email and delete or destroy the original message or any copy of the original message.  Thank you for your cooperation.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Re: [Micronet] process ID's

SERGEY SHEVTCHENKO
Does anyone know if we can use our shiny new SPA accounts for things like this? It definitely seems appropriate and would save everyone from saving CalNet credentials into automatically-run scripts >.<

Sergey Shevtchenko
IT Director
University of California, Berkeley
tel.: (510) 643-0077

On Thu, Nov 13, 2014 at 8:08 AM, Owen J Rubel <[hidden email]> wrote:
I am building processes using CAMPUS\id's which is not optimal as users can leave and then the process dies with the user.

Is there a way to create a CAMPUS\ID for a process that can access DB's, servers, etc like a normal user so when we setup a process, application, etc it can run without fear of being attached to any ONE person but to a common ID that can be setup for reuse with the 'system'.


Re: [Micronet] process ID's

orubel
Forgive me, as I'm a bit new. What's a SPA acct?

Re: [Micronet] process ID's

Karl R. Grose
Hi Sergey,

On Thu, Nov 13, 2014 at 9:11 AM, Sergey Shevtchenko
<[hidden email]> wrote:

> Does anyone know if we can use our shiny new SPA accounts for things like
> this? It definitely seems appropriate and would save everyone from saving
> CalNet credentials into automatically-run scripts >.<

If the app in question is CAS-enabled it will receive the SPA's uid
during authN, so yes, this could work.

--Karl

Karl Grose
CalNetOps

 

Re: [Micronet] process ID's

Karl R. Grose
On Thu, Nov 13, 2014 at 9:17 AM, orubel <[hidden email]> wrote:

> forgive me as I'm a bit new. Whats a SPA acct?

Mostly being used to replace the access method to bConnected
departmental accounts now, but intended for general use otherwise.
See:

  https://wikihub.berkeley.edu/x/uBL-BQ

for some more info.

--Karl

Karl Grose
CalNetOps

 

Re: [Micronet] process ID's

Ian Crew
Quoting from https://wikihub.berkeley.edu/pages/viewpage.action?pageId=104138316:

A Special Purpose Account (SPA) CalNet ID is a CalNet ID that can be shared by multiple users for collaborative purposes. You can use your SPA CalNet ID to access authorized applications such as bConnected itself, the bConnected Manage Your Account app, and the CalNet Manage My Keys app, but in a different way.

Cheers,

Ian

On Nov 13, 2014, at 9:17 AM, orubel <[hidden email]> wrote:

forgive me as I'm a bit new. Whats a SPA acct?




___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


 

Re: [Micronet] process ID's

Michael LEEFERS

Sergey,

When you say campus\id are you talking about an account in the Campus Active Directory Domain? If that is what you want then the SPA account should work since it does get created in the campus AD also. However if you need a campus AD account that requires a greater level of control over the user object attributes, then I would recommend you check with the sys admins in your department to see if they have an AD OU where they can create a service account for you.

Michael

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Sergey Shevtchenko
Sent: Thursday, November 13, 2014 9:11 AM
To: [hidden email]
Subject: Re: [Micronet] process ID's

 

Does anyone know if we can use our shiny new SPA accounts for things like this? It definitely seems appropriate and would save everyone from saving CalNet credentials into automatically-run scripts >.<



Re: [Micronet] process ID's

Graham Patterson
Michael,

Where would an SPA account in AD get its passphrase from? The CAS system
uses the account of the owner/delegate. Would you set a password in AD
for an SPA account, and would it stick?

I am not sure I would want to do it, but since SPAs can be delegated I
am curious about the bounds of this mechanism.

Aside - The Box account option looks to be a great department/workgroup
tool, though I think the access management is going to be a headache for
neophytes.

Graham

On 11/13/14 9:39 AM, Michael J LEEFERS wrote:

> Sergey,
>
>  
>
> When you say campus\id are you talking about an account in the Campus
> Active Directory Domain?  If that is what you want then the SPA account
> should work since it does get created in the campus AD also.  However if
> you need a campus AD  account that requires a greater level of control
> over the user object attributes, then I would recommend you check with
> the sys admins in your department to see if they have and AD OU where
> they can create a service account for you.
>
>  
>
> Michael
>
>  
>
>  
>
> *From:*[hidden email]
> [mailto:[hidden email]] *On Behalf Of *Sergey
> Shevtchenko
> *Sent:* Thursday, November 13, 2014 9:11 AM
> *To:* [hidden email]
> *Subject:* Re: [Micronet] process ID's
>
>  
>
> Does anyone know if we can use our shiny new SPA accounts for things
> like this? It definitely seems appropriate and would save everyone from
> saving CalNet credentials into automatically-run scripts >.<
>
>
> Sergey Shevtchenko
>
> IT Director
>
> Goldman School of Public Policy <http://gspp.berkeley.edu>
>
> University of California, Berkeley
>
> tel.: (510) 643-0077
>
>  
>


--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

 

Re: [Micronet] process ID's

Michael LEEFERS
Graham,

From the campus AD point of view it gets treated like any other CalNet Account. When the password gets set by a user it should get synced into MIT KDC and AD, by the standard CalNet sync process.

Michael

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Graham Patterson
Sent: Thursday, November 13, 2014 1:02 PM
To: [hidden email]
Subject: Re: [Micronet] process ID's

Michael,

Where would an SPA account in AD get its passphrase from? The CAS system uses the account of the owner/delegate. Would you set a password in AD for an SPA account, and would it stick?

I am not sure I would want to do it, but since SPAs can be delegated I am curious about the bounds of this mechanism.

Aside - The Box account option looks to be a great department/workgroup tool, though I think the access management is going to be a headache for neophytes.

Graham


Re: [Micronet] process ID's

Graham Patterson

OK, light dawns, maybe. I do a CalNet passphrase reset on the SPA
account (as a deputy covering those accounts)? Otherwise I don't see a
way to get a passphrase set that is tied to the account. For most non-AD
purposes I would use my own credentials and just inform the system via
CAS that I want to act as the SPA. That won't work if the SPA is being
used in AD. And rather negates the point of a service account.

At the moment I don't foresee a need for it (a pan-application service
account), but that isn't to say someone else cannot.

Graham

On 11/13/14 1:26 PM, Michael J LEEFERS wrote:

> Graham,
>
> From the campus AD point a view it gets treated like any other CalNet Account.  When the password gets sets by a user it should get synced into MIT KDC and AD, by the standard CalNet sync process.  
>
> Michael
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Graham Patterson
> Sent: Thursday, November 13, 2014 1:02 PM
> To: [hidden email]
> Subject: Re: [Micronet] process ID's
>
> Michael,
>
> Where would an SPA account in AD get its passphrase from? The CAS system uses the account of the owner/delegate. Would you set a password in AD for an SPA account, and would it stick?
>
> I am not sure I would want to do it, but since SPAs can be delegated I am curious about the bounds of this mechanism.
>
> Aside - The Box account option looks to be a great department/workgroup tool, though I think the access management is going to be a headache for neophytes.
>
> Graham
>
> On 11/13/14 9:39 AM, Michael J LEEFERS wrote:
>> Sergey,
>>
>>  
>>
>> When you say campus\id are you talking about an account in the Campus
>> Active Directory Domain?  If that is what you want then the SPA
>> account should work since it does get created in the campus AD also.  
>> However if you need a campus AD  account that requires a greater level
>> of control over the user object attributes, then I would recommend you
>> check with the sys admins in your department to see if they have and
>> AD OU where they can create a service account for you.
>>
>>  
>>
>> Michael
>>
>>  
>>
>>  
>>
>> *From:*[hidden email]
>> [mailto:[hidden email]] *On Behalf Of
>> *Sergey Shevtchenko
>> *Sent:* Thursday, November 13, 2014 9:11 AM
>> *To:* [hidden email]
>> *Subject:* Re: [Micronet] process ID's
>>
>>  
>>
>> Does anyone know if we can use our shiny new SPA accounts for things
>> like this? It definitely seems appropriate and would save everyone
>> from saving CalNet credentials into automatically-run scripts >.<
>>
>>
>> Sergey Shevtchenko
>>
>> IT Director
>>
>> Goldman School of Public Policy <http://gspp.berkeley.edu>
>>
>> University of California, Berkeley
>>
>> tel.: (510) 643-0077
>>
>>  
>>
>> On Thu, Nov 13, 2014 at 8:08 AM, Owen J Rubel <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     I am building processes using CAMPUS\id's which is not optimal as
>>     users can leave and then the process dies with the user.
>>
>>      
>>
>>     Is there a way to create a CAMPUS\ID for a process that can access
>>     DB's, servers, etc like a normal user so when we setup a process,
>>     application, etc it can run without fear of being attached to any
>>     ONE person but to a common ID that can be setup for reuse with the
>>     'system'.
>>
>>
>>     *Owen Rubel*
>>
>>     Software Engineer
>>
>>     IPIRA/Industry Alliances Office
>>
>>     *@*:[hidden email] <mailto:[hidden email]>
>>
>>     *#*:510.664.7186 <tel:510.664.7186>
>>
>>      
>>
>>     * **Website* <http://ipira.berkeley.edu/>* | **Brochure*
>>     <http://ipira.berkeley.edu/sites/default/files/shared/August_2014_brochure.pdf>* |** **IPIRA
>>     Tech Search*
>>     <http://techtransfer.universityofcalifornia.edu/default.aspx?campus=BK>* |* *IPIRA
>>     Monthly Newsletter* <http://ow.ly/mnPtb>* | **Twitter*
>>     <https://twitter.com/BerkeleyIPIRA> | *LinkedIn*
>>     <http://www.linkedin.com/groups?gid=4964819&trk=hb_side_g>
>>
>>     PLEASE NOTE:  This message is intended to be read only by the
>>     individual or entity to whom it is addressed, or their designee.  If
>>     the reader of this message is not the intended recipient, you are
>>     hereby notified that any copy or distribution of this message, in
>>     any form, is strictly prohibited.  If you have received this message
>>     in error, please immediately notify the sender and/or the Industry
>>     Alliances Office by return email and delete or destroy the original
>>     message or any copy of the original message.  Thank you for your
>>     cooperation.
>>
>>
>>
>>     -------------------------------------------------------------------------
>>     The following was automatically added to this message by the list
>>     server:
>>
>>     To learn more about Micronet, including how to subscribe to or
>>     unsubscribe from its mailing list and how to find out about upcoming
>>     meetings, please visit the Micronet Web site:
>>
>>     http://micronet.berkeley.edu
>>
>>     Messages you send to this mailing list are public and
>>     world-viewable, and the list's archives can be browsed and searched
>>     on the Internet.  This means these messages can be viewed by (among
>>     others) your bosses, prospective employers, and people who have
>>     known you in the past.
>>
>>  
>>
>>
>>
>>  
>> ----------------------------------------------------------------------
>> --- The following was automatically added to this message by the list
>> server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>
>
>
> --
> Graham Patterson, Systems Administrator
> Lawrence Hall of Science, UC Berkeley   510-643-2222
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical puzzles, and the meteorite..." - directions to my office.
>
>  


--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

 

Re: [Micronet] process ID's

Jeff McCullough
Hi Graham,

Yes, the passphrase for SPA is set up with a randomized password. That can be changed by involving a deputy. If we find there is a big desire for having the password set up as a regular user-set passphrase, we can add that feature. The initial rollout has been focused as an SSO fix for departmental accounts in bConnected.

Jeff

On November 13, 2014 at 1:45:53 PM, Graham Patterson ([hidden email]) wrote:


OK, light dawns, maybe. I do a CalNet passphrase reset on the SPA
account (as a deputy covering those accounts)? Otherwise I don't see a
way to get a passphrase set that is tied to the account. For most non-AD
purposes I would use my own credentials and just inform the system via
CAS that I want to act as the SPA. That won't work if the SPA is being
used in AD. And rather negates the point of a service account.

At the moment I don't foresee a need for it (a pan-application service
account), but that isn't to say someone else cannot.

Graham

On 11/13/14 1:26 PM, Michael J LEEFERS wrote:

> Graham,
>
> From the campus AD point of view it gets treated like any other CalNet Account. When the password gets set by a user it should get synced into MIT KDC and AD, by the standard CalNet sync process.
>
> Michael
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Graham Patterson
> Sent: Thursday, November 13, 2014 1:02 PM
> To: [hidden email]
> Subject: Re: [Micronet] process ID's
>
> Michael,
>
> Where would an SPA account in AD get its passphrase from? The CAS system uses the account of the owner/delegate. Would you set a password in AD for an SPA account, and would it stick?
>
> I am not sure I would want to do it, but since SPAs can be delegated I am curious about the bounds of this mechanism.
>
> Aside - The Box account option looks to be a great department/workgroup tool, though I think the access management is going to be a headache for neophytes.
>
> Graham
>
> On 11/13/14 9:39 AM, Michael J LEEFERS wrote:
>> Sergey,
>>
>>
>>
>> When you say campus\id are you talking about an account in the Campus
>> Active Directory Domain? If that is what you want then the SPA
>> account should work since it does get created in the campus AD also.
>> However if you need a campus AD account that requires a greater level
>> of control over the user object attributes, then I would recommend you
>> check with the sys admins in your department to see if they have an
>> AD OU where they can create a service account for you.
>>
>>
>>
>> Michael
>>
>>
>>
>>
>>
>> *From:*[hidden email]
>> [mailto:[hidden email]] *On Behalf Of
>> *Sergey Shevtchenko
>> *Sent:* Thursday, November 13, 2014 9:11 AM
>> *To:* [hidden email]
>> *Subject:* Re: [Micronet] process ID's
>>
>>
>>
>> Does anyone know if we can use our shiny new SPA accounts for things
>> like this? It definitely seems appropriate and would save everyone
>> from saving CalNet credentials into automatically-run scripts >.<
>>
>>
>> Sergey Shevtchenko
>>
>> IT Director
>>
>> Goldman School of Public Policy <http://gspp.berkeley.edu>
>>
>> University of California, Berkeley
>>
>> tel.: (510) 643-0077
>>
>>
>>
>> On Thu, Nov 13, 2014 at 8:08 AM, Owen J Rubel <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>> I am building processes using CAMPUS\id's which is not optimal as
>> users can leave and then the process dies with the user.
>>
>>
>>
>> Is there a way to create a CAMPUS\ID for a process that can access
>> DB's, servers, etc like a normal user so when we setup a process,
>> application, etc it can run without fear of being attached to any
>> ONE person but to a common ID that can be setup for reuse with the
>> 'system'.
>>
>>
>> *Owen Rubel*
>>
>> Software Engineer
>>
>> IPIRA/Industry Alliances Office
>>
>> *@*:[hidden email] <mailto:[hidden email]>
>>
>> *#*:510.664.7186 <tel:510.664.7186>
>>
>>
>>
>
>
> --
> Graham Patterson, Systems Administrator
> Lawrence Hall of Science, UC Berkeley 510-643-2222
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical puzzles, and the meteorite..." - directions to my office.
>
>


--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley 510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

