Managing the user account on host freia
List of current accounts with expiration date; Waiting list
Account  User                           Started   Expires   Times     Comment
                                                            Extended
---------|----------------------|--------------------|-----------|-------------
fguest2  Guillaume Hube                 20231107  20240801  3         Dictate.Duffel.Reappoint.Operative
         ghuber@hawaii.edu                                            extended on 20240207, 20240327, 20240516.
fguest4  Benjamin Rackham               20230505  20240801  3         appleredrose; renewed for 2023B;
         brackham@mit.edu                                             extended on 20231231, 20240227, 20240516.
fguest6  Jennifer Shi                   20240304  20240801  1         muJimjonyueshains6
         jenshi@student.unimelb.edu.au                                extended on 20240516.
         & David Jones
         dojones@hawaii.edu
fguest1  Suman Bhattacharyya            20230913  20240630  3         treegrassgreen; extended on 20231231,
         suman.acharyya00@gmail.com                                   20240227, 20240502.
fguest3  /available/
fguest5  /available/
fguest7  /available/
waiting  /none/
Change in password policies
See Server World: Pwquality : Set Password Rules
Increase the minimum password length to 12, from the too-low limit of 5, in /etc/login.defs ...
    ...
    # Password aging controls:
    #
    #   PASS_MAX_DAYS   Maximum number of days a password may be used.
    #   PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #   PASS_MIN_LEN    Minimum acceptable password length.
    #   PASS_WARN_AGE   Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    12
    PASS_WARN_AGE   7
    ...
Update /etc/pam.d/system-auth to remember the last 5 passwords ...
    password sufficient pam_unix.so sha512 shadow nullok use_authtok remember=5
Update password 'quality' in /etc/security/pwquality.conf ...
    # Changed, from 8, minimum length.
    minlen = 12
    # Changed, from 0, 'maximum number of allowed consecutive same characters'.
    maxrepeat = 3
    # Changed, from 0, to 'check for the words from the passwd entry GECOS string of
    # the user'
    gecoscheck = 1
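One way to confirm that all three files carry the values set above, as an added example that is not part of the original page. The function names and the ROOT prefix argument are assumptions of the example, and the sample tree written by make_sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the three files edited
# above against the values this page sets. ROOT is a hypothetical prefix so
# the check can run on a copy of /etc; pass "" to audit the live host.

# Last uncommented "key = value" (pwquality.conf) or "KEY value" (login.defs).
conf_value() {  # conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]=]\{1,\}\([^[:space:]#]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1
}

# remember=N taken from the pam_unix.so "password" line.
pam_remember() {  # pam_remember FILE
    sed -n '/^[[:space:]]*password[[:space:]].*pam_unix\.so/s/.*[[:space:]]remember=\([0-9]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Print a FAIL line and return 1 unless ACTUAL is a number in MIN..MAX.
expect_range() {  # expect_range LABEL ACTUAL MIN MAX
    case "$2" in
        ''|*[!0-9]*) echo "FAIL $1: not set"; return 1 ;;
    esac
    if [ "$2" -lt "$3" ] || [ "$2" -gt "$4" ]; then
        echo "FAIL $1: $2 (want $3..$4)"; return 1
    fi
}

# Returns the number of settings that deviate from the page's policy.
check_policy() {  # check_policy ROOT
    root=$1; bad=0; pq="$root/etc/security/pwquality.conf"
    expect_range PASS_MIN_LEN "$(conf_value "$root/etc/login.defs" PASS_MIN_LEN)" 12 99999 || bad=$((bad + 1))
    expect_range minlen "$(conf_value "$pq" minlen)" 12 99999 || bad=$((bad + 1))
    # maxrepeat = 0 disables the check, so 0 counts as a deviation.
    expect_range maxrepeat "$(conf_value "$pq" maxrepeat)" 1 3 || bad=$((bad + 1))
    expect_range gecoscheck "$(conf_value "$pq" gecoscheck)" 1 1 || bad=$((bad + 1))
    expect_range remember "$(pam_remember "$root/etc/pam.d/system-auth")" 5 99999 || bad=$((bad + 1))
    return "$bad"
}

# Constructed sample tree carrying the values from this page.
make_sample() {  # make_sample DIR
    mkdir -p "$1/etc/security" "$1/etc/pam.d"
    printf 'PASS_MAX_DAYS\t99999\nPASS_MIN_LEN\t12\n' > "$1/etc/login.defs"
    printf '# minlen = 8\nminlen = 12\nmaxrepeat = 3\ngecoscheck = 1\n' > "$1/etc/security/pwquality.conf"
    echo 'password sufficient pam_unix.so sha512 shadow nullok use_authtok remember=5' > "$1/etc/pam.d/system-auth"
}
```

Source the file and run check_policy "" on the host; the return status is the number of deviating settings, so 0 means all five values match.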
Generate a password that follows the above policy
Install apg package ...
    dnf install apg
Generate one password (-n 1) between 12-24 characters (-m 12 -x 24) that is 'pronounceable' (-a 0) ...
    apg -n 1 -m 12 -x 24 -a 0
... a wrapper script around the above has been installed in /usr/local/bin/make-password.sh. It is also in /root/root/bin/make-password.sh.
Assigning a new account
- Stop the VNC instance and copy the template files.
    # stop vnc desktop (as root)
    systemctl stop vncserver@:N.service

    # login, make new home directory for new account
    ssh freia -l fguestN
    find . -xdev -mindepth 1 -maxdepth 1 \
      ! -name .cshrc ! -name .login ! -name .logout -print -exec rm -r {} \;
    tar xvf /aux1/guest_template.tar

    # Run '/usr/local/bin/make-password.sh' to generate a password.
    #
    # Set account password via 'passwd' & VNC password (same as account
    # password) via 'vncpasswd' for the user account.
    #
    # Re-start VNC desktop (as root)
    systemctl restart vncserver@:N.service
- Log in via VNC and test
- Disable screensaver & lock screen, display power management (Power Manager) via Applications -> Settings -> Screensaver.
- Expire the above set password to force the user to set a new password ...
passwd -e fguestN
- Email the user (see email template for new account) with:
- account information;
- contact for help with login & VNC;
- contact for support scientist.
Deactivating an account
- Set passwd, vncpasswd so it can't be accessed (use project password).
- Restart the VNC session to ensure that no one is logged in and no software is running:
    systemctl restart vncserver@:N.service
- Notify the user via email about account expiry & inform them that the account could be extended on request (see email template for account about to expire).
History
User                                             Active    Expired   comment
-------------------------------------------------------------------------------------
fguest5  Aravind Pazhayath Ravi                  20240226  20240527  20240516: Not-needed-anymore.
         apazhayathravi@ucdavis.edu
fguest3  Eliot Young                             20230712  20240430  extended on 20231231, 2024027
         efy@boulder.swri.edu                                        (requested only through 202404).
fguest7  Rena Lee                                20230512  20240430  3 extended by request on 13Sep23,
         renaalee@hawaii.edu                                         20231231, 20240229.
fguest6  Christian Flores Gonzalez               20230714  20231231  extend by request on 12Oct23.
         caflores@hawaii.edu
fguest2  Mark Bullock                            24Jun23   30Sep23   -
         mbullock75@gmail.com
fguest7  Rena Lee                                23Nov22   28Feb23   (disabled on 24Apr2023)
         renaalee@hawaii.edu
fguest4  Benjamin Rackham                        03Sep21   28Feb23   extend to Feb23. Has many 2022B runs.
         brackham@mit.edu                                            (disabled on 24Apr2023)
fguest5  BELINDA DAMIAN                          29Aug21   31Oct22   extend to Oct31 (multiple 2022A runs).
         belinda.damian@res.christuniversity.in                      (disabled on 25Nov2022).
fguest6  Mark Rushton                            05May22   31Aug22   user 2022A041.
         MRushton@uclan.ac.uk
fguest1  Rosie Johnson                           11Feb22   31May22   extend to 31May, per email on 27Apr.
         roj40@aber.ac.uk
fguest3  MIZNA K A                               09Nov21   07Feb22   -
         mizna@students.iisertirupati.ac.in
fguest2  Jessy Jose                              16Nov21   31Jan22   Deactivated on 31Jan22.
         jessyvjose1@gmail.com