[If you do not use sudo on torproject.org systems, you need not read this.]
Comrades,
some of you maintain services on torproject.org hosts. Generally, these services run under their dedicated role user, and you use sudo to switch to these roles.
Up until now, you have used the LDAP password to authenticate to sudo. We want to change this.
The LDAP password is the one you got sent in encrypted mail when your account was first created on db.torproject.org. You might have (should have) changed that on the web-interface [db]. This password is the one that also allows you to log into the management interface [db-login] there and change for instance your mail forwarding configuration or your jabber password [jabber-announce-mail].
The plan is to have a password dedicated to just sudo.
To set it, please go to the user management website [db-login] (pick "Update my info"), and set a new (strong) sudo password for yourself. If you want, you can set a password that works for all the hosts that are managed by torproject-admin (*). Alternatively, or additionally, you can have per-host sudo passwords -- just select the appropriate host in the pull-down box.
Once set on the web interface, you will have to confirm the new settings by sending a signed challenge to the mail interface. Please ensure you don't introduce any additional line breaks.
Note that setting a sudo password will only enable you to use sudo to configured accounts on configured hosts. Consult the output of "sudo -l" if you don't know what you may do. (If you don't know, chances are you don't need to nor can use sudo.)
For now, both the LDAP password and the new sudo password will work to authenticate to sudo. Starting in the second week of April, the LDAP password will no longer be accepted for this purpose.
If you have any questions, please ask.
Thanks, weasel
[db] https://db.torproject.org/ [db-login] https://db.torproject.org/login.html [jabber-announce-mail] https://lists.torproject.org/pipermail/tor-project/2016-February/000064.html