LDAP Accounts
There is a Surfrock66 LDAP directory where users of various services can maintain a single account for the various things hosted on the infrastructure.
Accounts are most easily managed in Apache Directory Studio (ADS).
To enable an account to be able to log in (so, to enable kerberos) we need to perform some steps on sr66-hda. After the account is created in ADS, the following can be used to create a Kerberos Principal after running `kadmin.local` as root:
addprinc -x dn=cn=username,ou=accounts,dc=hda,dc=surfrock66,dc=com username