The non-human accounts SOP is here: https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/nonhumanaccounts.html
It talks about creating FAS accounts for bots and setting their type to "bot".
Based on conversations with @puiterwijk and the group in Raleigh, it seems that this is no longer the best practice. Instead, keytabs, or OIDC tokens, or other things should be created. FAS accounts should not be created.
In particular, one of the first things to do is to blacklist the username in FAS. The SOP would benefit from having some information on how to do that.
Ah, I found the blacklist here: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=9a8ab4f3570d40f69c72260e295f7809876b8fb2
I just filed https://pagure.io/infra-docs/pull-request/90 which basically replaces the SOP with a pointer to the Fedora Security officer.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.