Verified commit fc8e823b, authored by anarcat

document how to set the sudo password (#34314)

This is partly based on the announcement I sent in:

https://lists.torproject.org/pipermail/tor-project/2019-September/002509.html
parent 87b5147c
+24 −8
@@ -223,14 +223,30 @@ password.

=== Host specific passwords / sudo passwords ===

Please note that, after [[logging in|https://db.torproject.org/login.html]], that
the {{{"sudo passwords"}}} fields at the very bottom of the {{{"Update my
info"}}} form DO NOT WORK.

Your sudo password is the same for all machines on which you have sudo
privileges; it is your LDAP password. The mail responder at
{{{changes@db.torproject.org}}} will take you through a plausible, and perhaps
enjoyable, series of puzzles, but BEWARE: THE CAKE IS A LIE.
Your LDAP password can *not* be used to authenticate to `sudo` on
servers. It can only allow to log you in through SSH, but you need a
*different* password to get `sudo` access, which we call the "sudo
password".

To set the sudo password:

 1. go to the [[user management website|https://db.torproject.org/login.html]]
 2. pick "Update my info"
 3. set a new (strong) sudo password

If you want, you can set a password that works for all the hosts that
are managed by torproject-admin, by using the "wildcard ("*").
Alternatively, or additionally, you can have per-host sudo passwords
-- just select the appropriate host in the pull-down box.

Once set on the web interface, you will have to confirm the new
settings by sending a signed challenge to the mail interface.  Please
ensure you don't introduce any additional line breaks.

Note that setting a sudo password will only enable you to use sudo to
configured accounts on configured hosts. Consult the output of "sudo
-l" if you don't know what you may do. (If you don't know, chances are
you don't need to nor can use sudo.)

== <a id="key-rollover">Changing/Updating your OpenPGP key</a> ==
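Review bot: the confirmation paragraph ("you will have to confirm the new settings by sending a signed challenge to the mail interface") never names the address to send to, while the text it replaces did name the responder at changes@db.torproject.org. If that is still the mail interface, say so here, and state that the challenge must be signed with the user's OpenPGP key, so readers are not left guessing where to send a security-sensitive message. Two smaller points in the same hunk: the new text uses Markdown-style backticks and asterisks (`sudo`, *not*, *different*) while the rest of the page uses wiki markup such as {{{...}}} and [[...]], so these will likely render literally; and the wildcard sentence has an unbalanced quote in "the "wildcard ("*")." which should read: the wildcard ("*"). Also consider rewording "It can only allow to log you in through SSH" to "It only lets you log in through SSH".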