Freia Staff Page

Other documentation for freia is on the IRTF Team Drive

For purpose & set up, see IRTF_TEAM_DRIVE > COMPUTERS-NETWORK > PC > 2021-05-freia


Managing the user account on host freia

List of current accounts with expiration date; Waiting list

                                                       Times
Account    User                   Started   Expires    Extended    Comment
---------|----------------------|--------------------|-----------|-------------
fguest1    Suman Bhattacharyya    20230913  20240430    2          treegrassgreen; extended on 20231231,
           suman.acharyya00@gmail.com                              20240227.

fguest2    Guillaume Hube         20231107  20240606    2          Dictate.Duffel.Reappoint.Operative
           ghuber@hawaii.edu                                       extended on 20240207, 20240327

fguest3    Eliot Young            20230712  20240430    2          carredfast; extended on 20231231,
           efy@boulder.swri.edu                                    2024027 (requested only through 202404).

fguest4    Benjamin Rackham       20230505  20240531    2          appleredrose; renewed for 2023B;
           brackham@mit.edu                                        extended on 20231231, 20240227.


fguest5    Aravind Pazhayath Ravi 20240226  20240527    0          cogvittOfjuKucagCes2
           apazhayathravi@ucdavis.edu

fguest6    Jennifer Shi           20240304  20240602    0          muJimjonyueshains6
           jenshi@student.unimelb.edu.au
           &
           David Jones
           dojones@hawaii.edu

date:	Mar 4, 2024, 8:26 AM

fguest7    Rena Lee               20230512  20240430    3          oceanfishsurf; extended by request on 13Sep23,
           renaalee@hawaii.edu                                     20231231, 20240229.

waiting_1  none

waiting_2  none

Change in password policies

See Server World: Pwquality : Set Password Rules

Increase the password length to 12 from too low limit of 5 in /etc/login.defs ...

...
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    12
PASS_WARN_AGE   7
...

Update /etc/pam.d/system-auth to remember last 5 passwords ...

password    sufficient   pam_unix.so sha512 shadow nullok use_authtok remember=5

Update password 'quality' in /etc/security/pwquality.conf ...

# Changed, from 8, minimum length.
minlen = 12

# Changed, from 0, 'maximum number of allowed consecutive same characters'.
maxrepeat = 3

# Changed, from 0, to 'check for the words from the passwd entry GECOS string of
# the user'
gecoscheck = 1

Generate above policy-following password

Install apg package ...

dnf install apg

Generate one password (-n 1) between 12-24 characters (-m 12 -x 24) that is 'pronounceable' (-a 0) ...

apg -n 1 -m 12 -x 24 -a 0

... a wrapper script on the above has been installed in /usr/local/bin/make-password.sh. It is also in /root/root/bin/make-password.sh.


Assigning an new account

  1. Stop the VNC instance and copy the template files.
       # stop vnc desktop (as root)
       systemctl stop    vncserver@:N.service
    
       # login, make new home directory for new account
       ssh freia -l fguestN
       find . -xdev -mindepth 1 -maxdepth 1  \
          ! -name .cshrc ! -name .login ! -name .logout -print  -exec rm -r {} \;
       tar xvf /aux1/guest_template.tar
    
       # Run '/usr/local/bin/make-password.sh' to generate a password.
       #
       # Set account password via 'passwd' & VNC password (same as account
       # password) via 'vncpasswd' for the user account.
       #
       # Re-start VNC desktop  (as root)
       systemctl restart vncserver@:N.service
    
  2. Log in via VNC and test
    • disable screensaver & lock screen, display power management (Power Manager) via Applications -> Settings -> Screensaver.
  3. Expire the above set password to force the user to set a new password ...
       passwd -e fguestN
    
  4. Email user with (see email template for new account):
    • account information;
    • contact for help with login & VNC;
    • contact for support scientist.

Deactivating an account

  1. Set passwd, vncpasswd so is can't be accessed (use project password).
  2. Restart the VNC session to insure no one is logging in, and no software is running: systemctl restart vncserver@:N.service
  3. Notify the user via email about account expiry & inform that account could be extend on request (see email template for account about to expire);

History

   User                                Active   Expired  comment
fguest6    Christian Flores Gonzalez  20230714  20231231 extend by request on 12Oct23.
           caflores@hawaii.edu

fguest2    Mark Bullock               24Jun23   30Sep23 -
           mbullock75@gmail.com

fguest7    Rena Lee                   23Nov22   28Feb23  (disabled on 24Apr2023)
           renaalee@hawaii.edu

fguest4    Benjamin Rackham           03Sep21   28Feb23  extend to Feb23. Has many 2022B runs.
           brackham@mit.edu                             (disabled on 24Apr2023)

fguest5    BELINDA DAMIAN             29Aug21   31Oct22  extend to Oct31 (multiple 2022A runs).
           belinda.damian@res.christuniversity.in       (disabled on 25Nov2022).

fguest6    Mark Rushton               05May22   31Aug22  user 2022A041.
           MRushton@uclan.ac.uk

fguest1    Rosie Johnson              11Feb22   31May22   extend to 31May, per email on 27Apr.
           roj40@aber.ac.uk

fguest3    MIZNA K A                  09Nov21   07Feb22  -
           mizna@students.iisertirupati.ac.in

fguest2    Jessy Jose                 16Nov21   31Jan22  Deactivated on 31Jan22.
           jessyvjose1@gmail.com