EIC/BNL Computing discussion

[Maxim Potekhin <potekhin AT bnl.gov>]

Hello Kolja,

I am confused - you mentioned "experiment-specific logins". How can this be reduced to a single log-in now? I perhaps misunderstood this from the beginning.

Maxim

On 2020-09-23 12:48, Kolja Kauder wrote:

Hi Maxim,

Isn't that how it should be? I think I may have misunderstood your
original question. No matter the method you used for changing, this
password should instantly be updated wherever you can use it (if you
remember how to do the mattermost thing which always takes me longer
than necessary too :)

I haven't used NX in a long time. Living so close to the lab, a normal
(compressed) X11 connection does the trick and is much easier.

Thanks!
Kolja


On Wed, Sep 23, 2020 at 12:44 PM Maxim Potekhin <potekhin AT bnl.gov> wrote:

Hello Kolja,

I didn't do anything extra after this mail exchange, but when I tried to log into rssh and then on to rcas, and forced the password auth, what I saw that my password was already set to the new one "automagically". This should probably be tested by someone else and then added to the documentation.

I'm trying to use the NX service and so far not having much luck (apparently due to auth as well), will keep you posted.

Are you using NX?

Thank you,
Maxim


On 2020-09-22 11:58, Kolja Kauder wrote:

Hi Maxim,

No, I actually used the web form again, with my other login name. I
didn't try passwd, that may work as well.

Kolja

On Tue, Sep 22, 2020 at 11:55 AM Maxim Potekhin <potekhin AT bnl.gov> wrote:


Hello Kolja,

For the experiment-specific password change, did you just use "passwd"?

Thank you,

Maxim


On 2020-09-22 11:48, Kolja Kauder via Eic-bnl-soft-l wrote:

Hi all,

Just to clarify a few things:
- You use this login in a few places, most prominently when you use
kinit or connect to a node like eic104, but also for example in the
bnl mattermost.
- I would google a pass phrase generator. I used
https://urldefense.com/v3/__https://randompassphrasegenerator.com/?r=3__;!!P4SdNyxKAPE!XY0PWqe_Lfbw6V3X-vDuajOEOGonzB2-e5fbvrsOJuaHQq3fwkSvv3w3bk2xH8zIlCpQAOGT8Cg$
but I have no higher knowledge how good or safe this one is.

- Don't forget, you probably have two logins! For eic and your
experiment, so update both. I actually used a private tab but also
contacted support to provide a "logout" button to the website.

Kolja



On Wed, Sep 16, 2020 at 2:07 PM Kolja Kauder <kkauder AT gmail.com> wrote:


Hi all,

SDCC has now formally announced the password policy change and
provided information and tools here:
https://www.racf.bnl.gov/docs/authentication/passwords

IMPORTANT: Please update your password by OCTOBER 12th to avoid being
locked out of
your account.

Thanks,
Kolja


On Mon, Sep 14, 2020 at 9:49 AM Kolja Kauder <kkauder AT gmail.com> wrote:


Hi all,

The SDCC/RACF password policy is changing (as of Monday 9/14/2020) to
conform with new requirements from the DOE.  The new policy is that:

1.   Passwords will not ever expire.
2.   Passwords do not have to satisfy any specific complexity rules or have any
      specific set of special characters.

However,

3.   Passwords must be at least 16 characters long (!)
4.   New passwords will be compared to a database of insecure and/or
cracked passwords when they are created, and will be rejected if they exist
on the list of insecure passwords.
5.   Passwords will be rejected if they match any of your previous 24
passwords.

As of this time, only the SDCC/RACF password will be affected.  This is
the password that is used for logging into the SDCC facility and which
is used for your kerberos credentials.   In particular, the RACF email
account passwords are not affected by this policy change.

There should be an official announcement from the SDCC tomorrow
announcing this change and providing links for a web based application
to change the password.   You should also be able to change the password
as normal from the SDCC linux command line.   After the official
announcement, I will forward any instructions or links to this mailing
list as well.

You will have 1 month to change your password to comply with the new
policy.  If you fail to do so within that time period you will be
locked out of your account, and need to fill out an RT ticket to restore
access.

Thank you,
Kolja

(Thanks to Jeff Landgraf whose wording I stole)

--
________________________
Kolja Kauder, Ph.D.
Post-Doctoral Research Associate,
Brookhaven National Lab, Upton, NY
+1 (631) 344-5935
________________________




--
________________________
Kolja Kauder, Ph.D.
Post-Doctoral Research Associate,
Brookhaven National Lab, Upton, NY
+1 (631) 344-5935
________________________