Existing users can be added to a PKI group using the usermod command. As with useradd, usermod updates all of the related user account files, including /etc/passwd, /etc/shadow, and /etc/group.
# usermod -a -G pkiadmin bjensen
NOTE
The users added to the admin and audit groups are regular user accounts, not a system account like pkiuser.
Add the user accounts to the appropriate PKI management group, and only to that one group. Users are either an administrator or an auditor; the same user cannot be in both groups.
- PKI auditors only need to be added to the pkiaudit group.
- PKI administrators need to be added to the pkiadmin group and any group used by a hardware token used by the subsystem, such as nfast for an nCipher hardware token.
The pkiuser user should be added to both the pkiadmin and pkiaudit groups:
# usermod -a -G pkiadmin pkiuser
# usermod -a -G pkiaudit pkiuser
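The rules above (each person in exactly one of pkiadmin or pkiaudit, pkiuser in both) can be checked after the usermod commands have been run. The script below is an added example, not part of the original documentation; the function names, the sample accounts jsmith and akent, and the GIDs are constructed for illustration, and it assumes memberships were added as supplementary groups with usermod -a -G so that they appear in the member field of the group file.

```sh
#!/bin/sh
# Added example: audit PKI role separation in a group(5)-format file.
# Only supplementary memberships (4th field of each line) are inspected;
# a user whose *primary* group is pkiadmin/pkiaudit would not be seen here.

# pki_role_conflicts [FILE|-]
#   Prints "CONFLICT <user>" for every regular user in both groups and
#   "MISSING pkiuser" if the pkiuser account is not in both groups.
pki_role_conflicts() {
    awk -F: '
        $1 == "pkiadmin" || $1 == "pkiaudit" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") seen[m[i]] = seen[m[i]] " " $1
        }
        END {
            # pkiuser is the one account expected in both groups.
            if (!(seen["pkiuser"] ~ /pkiadmin/ && seen["pkiuser"] ~ /pkiaudit/))
                print "MISSING pkiuser"
            delete seen["pkiuser"]
            for (u in seen)
                if (seen[u] ~ /pkiadmin/ && seen[u] ~ /pkiaudit/)
                    print "CONFLICT " u
        }' "${1:-/etc/group}" | sort
}

# Constructed sample data: bjensen has been added to both groups by mistake.
sample_group() {
    cat <<'EOF'
root:x:0:
nfast:x:995:jsmith
pkiadmin:x:1001:jsmith,bjensen,pkiuser
pkiaudit:x:1002:bjensen,akent,pkiuser
EOF
}

# Demo on the constructed sample; call with no argument to read /etc/group.
sample_group | pki_role_conflicts -
```

An empty result means the group file satisfies both rules.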