EIC/BNL Computing discussion

[Kolja Kauder <kkauder AT gmail.com>]

Hi Maxim,

There are multiple logins of course. So I had to change for kkauder
and eickolja. All I was trying to say is once I've done that on the
website, the new password propagates to rcf, mattermost, ...

Kolja

On Wed, Sep 23, 2020 at 12:52 PM Maxim Potekhin <potekhin AT bnl.gov> wrote:
>
> Hello Kolja,
>
> I am confused - you mentioned "experiment-specific logins". How can this be 
> reduced to a single log-in now? I perhaps misunderstood this from the 
> beginning.
>
> Maxim
>
>
> On 2020-09-23 12:48, Kolja Kauder wrote:
>
> Hi Maxim,
>
> Isn't that how it should be? I think I may have misunderstood your
> original question. No matter the method you used for changing, this
> password should instantly be updated wherever you can use it (if you
> remember how to do the mattermost thing which always takes me longer
> than necessary too :)
>
> I haven't used NX in a long time. Living so close to the lab, a normal
> (compressed) X11 connection does the trick and is much easier.
>
> Thanks!
> Kolja
>
>
> On Wed, Sep 23, 2020 at 12:44 PM Maxim Potekhin <potekhin AT bnl.gov> wrote:
>
>
> Hello Kolja,
>
> I didn't do anything extra after this mail exchange, but when I tried to 
> log into rssh and then on to rcas, and forced the password auth, what I saw 
> that my password was already set to the new one "automagically". This 
> should probably be tested by someone else and then added to the 
> documentation.
>
> I'm trying to use the NX service and so far not having much luck 
> (apparently due to auth as well), will keep you posted.
>
> Are you using NX?
>
> Thank you,
> Maxim
>
>
> On 2020-09-22 11:58, Kolja Kauder wrote:
>
> Hi Maxim,
>
> No, I actually used the web form again, with my other login name. I
> didn't try passwd, that may work as well.
>
> Kolja
>
> On Tue, Sep 22, 2020 at 11:55 AM Maxim Potekhin <potekhin AT bnl.gov> wrote:
>
>
> Hello Kolja,
>
> For the experiment-specific password change, did you just use "passwd"?
>
> Thank you,
>
> Maxim
>
>
> On 2020-09-22 11:48, Kolja Kauder via Eic-bnl-soft-l wrote:
>
> Hi all,
>
> Just to clarify a few things:
> - You use this login in a few places, most prominently when you use
> kinit or connect to a node like eic104, but also for example in the
> bnl mattermost.
> - I would google a pass phrase generator. I used
> https://urldefense.com/v3/__https://randompassphrasegenerator.com/?r=3__;!!P4SdNyxKAPE!XY0PWqe_Lfbw6V3X-vDuajOEOGonzB2-e5fbvrsOJuaHQq3fwkSvv3w3bk2xH8zIlCpQAOGT8Cg$
> but I have no higher knowledge how good or safe this one is.
>
> - Don't forget, you probably have two logins! For eic and your
> experiment, so update both. I actually used a private tab but also
> contacted support to provide a "logout" button to the website.
>
> Kolja
>
>
>
> On Wed, Sep 16, 2020 at 2:07 PM Kolja Kauder <kkauder AT gmail.com> wrote:
>
>
> Hi all,
>
> SDCC has now formally announced the password policy change and
> provided information and tools here:
> https://www.racf.bnl.gov/docs/authentication/passwords
>
> IMPORTANT: Please update your password by OCTOBER 12th to avoid being
> locked out of
> your account.
>
> Thanks,
> Kolja
>
>
> On Mon, Sep 14, 2020 at 9:49 AM Kolja Kauder <kkauder AT gmail.com> wrote:
>
>
> Hi all,
>
> The SDCC/RACF password policy is changing (as of Monday 9/14/2020) to
> conform with new requirements from the DOE.  The new policy is that:
>
> 1.   Passwords will not ever expire.
> 2.   Passwords do not have to satisfy any specific complexity rules or have 
> any
>       specific set of special characters.
>
> However,
>
> 3.   Passwords must be at least 16 characters long (!)
> 4.   New passwords will be compared to a database of insecure and/or
> cracked passwords when they are created, and will be rejected if they exist
> on the list of insecure passwords.
> 5.   Passwords will be rejected if they match any of your previous 24
> passwords.
>
> As of this time, only the SDCC/RACF password will be affected.  This is
> the password that is used for logging into the SDCC facility and which
> is used for your kerberos credentials.   In particular, the RACF email
> account passwords are not affected by this policy change.
>
> There should be an official announcement from the SDCC tomorrow
> announcing this change and providing links for a web based application
> to change the password.   You should also be able to change the password
> as normal from the SDCC linux command line.   After the official
> announcement, I will forward any instructions or links to this mailing
> list as well.
>
> You will have 1 month to change your password to comply with the new
> policy.  If you fail to do so within that time period you will be
> locked out of your account, and need to fill out an RT ticket to restore
> access.
>
> Thank you,
> Kolja
>
> (Thanks to Jeff Landgraf whose wording I stole)
>
> --
> ________________________
> Kolja Kauder, Ph.D.
> Post-Doctoral Research Associate,
> Brookhaven National Lab, Upton, NY
> +1 (631) 344-5935
> ________________________
>
>
>
>
> --
> ________________________
> Kolja Kauder, Ph.D.
> Post-Doctoral Research Associate,
> Brookhaven National Lab, Upton, NY
> +1 (631) 344-5935
> ________________________
>
>
>
>
>
>


-- 
________________________
Kolja Kauder, Ph.D.
Post-Doctoral Research Associate,
Brookhaven National Lab, Upton, NY
+1 (631) 344-5935
________________________