Freia Staff Page

Managing the user account on host freia

List of current accounts with expiration date; Waiting list

                                                       Times
Account    User                   Started   Expires    Extended    Comment
---------|----------------------|--------------------|-----------|-------------
fguest2    Guillaume Hube         20231107  20240801    3          Dictate.Duffel.Reappoint.Operative
           ghuber@hawaii.edu                                       extended on 20240207, 20240327,
                                                                   20240516.

fguest4    Benjamin Rackham       20230505  20240801    3          appleredrose; renewed for 2023B;
           brackham@mit.edu                                        extended on 20231231, 20240227,
                                                                   20240516.

fguest6    Jennifer Shi           20240304  20240801    1          muJimjonyueshains6
           jenshi@student.unimelb.edu.au                           extended on 20240516.
           &
           David Jones
           dojones@hawaii.edu

fguest1    Suman Bhattacharyya    20230913  20240630    3          treegrassgreen; extended on 20231231,
           suman.acharyya00@gmail.com                              20240227, 20240502.

fguest3    /available/
fguest5    /available/
fguest7    /available/

waiting	   /none/

Change in password policies

See Server World: Pwquality : Set Password Rules

Increase the password length to 12 from too low limit of 5 in /etc/login.defs ...

...
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    12
PASS_WARN_AGE   7
...

Update /etc/pam.d/system-auth to remember last 5 passwords ...

password    sufficient   pam_unix.so sha512 shadow nullok use_authtok remember=5

Update password 'quality' in /etc/security/pwquality.conf ...

# Changed, from 8, minimum length.
minlen = 12

# Changed, from 0, 'maximum number of allowed consecutive same characters'.
maxrepeat = 3

# Changed, from 0, to 'check for the words from the passwd entry GECOS string of
# the user'
gecoscheck = 1

Generate above policy-following password

Install apg package ...

dnf install apg

Generate one password (-n 1) between 12-24 characters (-m 12 -x 24) that is 'pronounceable' (-a 0) ...

apg -n 1 -m 12 -x 24 -a 0

... a wrapper script on the above has been installed in /usr/local/bin/make-password.sh. It is also in /root/root/bin/make-password.sh.

Assigning an new account

1. Stop the VNC instance and copy the template files.

      # stop vnc desktop (as root)
      systemctl stop    vncserver@:N.service
   
      # login, make new home directory for new account
      ssh freia -l fguestN
      find . -xdev -mindepth 1 -maxdepth 1  \
         ! -name .cshrc ! -name .login ! -name .logout -print  -exec rm -r {} \;
      tar xvf /aux1/guest_template.tar
   
      # Run '/usr/local/bin/make-password.sh' to generate a password.
      #
      # Set account password via 'passwd' & VNC password (same as account
      # password) via 'vncpasswd' for the user account.
      #
      # Re-start VNC desktop  (as root)
      systemctl restart vncserver@:N.service
   

2. Log in via VNC and test
   • disable screensaver & lock screen, display power management (Power Manager) via Applications -> Settings -> Screensaver.
3. Expire the above set password to force the user to set a new password ...

      passwd -e fguestN
   

4. Email user with (see email template for new account):
   • account information;
   • contact for help with login & VNC;
   • contact for support scientist.

Deactivating an account

1. Set passwd, vncpasswd so is can't be accessed (use project password).
2. Restart the VNC session to insure no one is logging in, and no software is running: systemctl restart vncserver@:N.service
3. Notify the user via email about account expiry & inform that account could be extend on request (see email template for account about to expire);

History

   User                               Active    Expired   comment
-------------------------------------------------------------------------------------
fguest5    Aravind Pazhayath Ravi     20240226  20240527  20240516: Not-needed-anymore.       
           apazhayathravi@ucdavis.edu                               

fguest3    Eliot Young                20230712  20240430  extended on 20231231, 2024027
           efy@boulder.swri.edu                           (requested only through 202404).

fguest7    Rena Lee                   20230512  20240430  3 extended by request on 13Sep23,
           renaalee@hawaii.edu                            20231231, 20240229.

fguest6    Christian Flores Gonzalez  20230714  20231231  extend by request on 12Oct23.
           caflores@hawaii.edu

fguest2    Mark Bullock               24Jun23   30Sep23 - 
           mbullock75@gmail.com

fguest7    Rena Lee                   23Nov22   28Feb23   (disabled on 24Apr2023)
           renaalee@hawaii.edu

fguest4    Benjamin Rackham           03Sep21   28Feb23   extend to Feb23. Has many 2022B runs.
           brackham@mit.edu                               (disabled on 24Apr2023)

fguest5    BELINDA DAMIAN             29Aug21   31Oct22   extend to Oct31 (multiple 2022A runs).
           belinda.damian@res.christuniversity.in         (disabled on 25Nov2022).

fguest6    Mark Rushton               05May22   31Aug22   user 2022A041.
           MRushton@uclan.ac.uk

fguest1    Rosie Johnson              11Feb22   31May22   extend to 31May, per email on 27Apr.
           roj40@aber.ac.uk

fguest3    MIZNA K A                  09Nov21   07Feb22   -
           mizna@students.iisertirupati.ac.in

fguest2    Jessy Jose                 16Nov21   31Jan22   Deactivated on 31Jan22.
           jessyvjose1@gmail.com