Add kerberosd to password-viewers
Allows the Kerberos daemon to access the Chrome OS login password stored
in the kernel keyring. The login password will be used when admins
specify the placeholder '${PASSWORD}' in the KerberosAccounts policy.
This will allow admins to precreate a Kerberos account for users if the
login password matches the Kerberos password.
BUG=chromium:952240
TEST=None
Cq-Depend: chromium:1662300
Change-Id: Id12d914c3b1e3667e946de0ddb1787db554e7638
Reviewed-on: https://chromium-review.googlesource.com/1655608
Tested-by: Lutz Justen <ljusten@chromium.org>
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: May Lippert <maybelle@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
diff --git a/profiles/base/accounts/group/password-viewers b/profiles/base/accounts/group/password-viewers
index 1f35cbf..dfb0a16 100644
--- a/profiles/base/accounts/group/password-viewers
+++ b/profiles/base/accounts/group/password-viewers
@@ -2,4 +2,4 @@
# a kernel keyring.
group:password-viewers
gid:611
-users:shill
+users:kerberosd,shill
