|
Size: 1149
Comment:
|
Size: 2780
Comment: Note on Kerberos Problems on PW change
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = Linux / MacOS = To change your password please log in with !SecureShell (ssh) to 'login.coli.uni-saarland.de' and enter the command 'yppasswd'. |
= How to choose a good password = A password should be 10 characters or longer. A practical approach for choosing a new passwords is to |
| Line 5: | Line 6: |
| yppasswd | apg -a0 -MNLC -t -m10 -x10 |
| Line 7: | Line 8: |
| Passwords generated this way will take on average approximately 64 years to be broken by a 8xTitan-X GPU cluster node. = Linux / MacOS = To change your password please log in with !SecureShell (ssh) to 'login.coli.uni-saarland.de' and enter the command "passwd". {{{ ssh login.coli.uni-saarland.de passwd }}} __'''''Note:'''''__ Changing your password will invalidate old Kerberos Tickets and thus sessions. Make sure to log out from all Kerberos enabled systems and/or do a kinit to get new tickets. An invalid Kerberos Ticket might be the reason you have no access to your home directory anymore. (As of September 2016 the shares are not Kerberos enabled yet. This will change though) |
|
| Line 10: | Line 24: |
| = Email = | = Email / Web Server = |
| Line 13: | Line 27: |
| = How to choose a good password = A password should be |
= More information on passwords = == A password should be == |
| Line 18: | Line 32: |
| * new, do not reuse your old password(s)! | |
| Line 19: | Line 34: |
| To choose a password which is not easy to guess, use a non predictable combination of upper/lower case letters along with numbers and special characters. To help you create a safe password log in via ssh to login.coli.uni-saarland.de (using your old password) and start 'apg' {{{ ssh login.coli.uni-saarland.de apg -a0 -MNLC -m8 -x8 }}} You may choose any of the suggestions, if you like you can modify them a little. |
== Diceware == A very good way to create hard to guess, yet easy to remember passwords (or passphrases) is to employ the "diceware" method using real world, physical dice. In short |
| Line 26: | Line 37: |
| More tips on secure passwords can be found here: http://www.microsoft.com/protect/fraud/passwords/create.aspx | * roll a dice 5 times, * look up the word which corresponds to the result using an existing list of words, * repeat until you have 6 words. * Your 30 dice rolls yielded ~77 bits of entropy which is now encoded in the 6 words you chose. A more detailled description including word lists for many languages can be found here: http://world.std.com/~reinhold/diceware.html == Mini FAQ == Q: If I use more than 10 characters I am more secure, right? <<BR>> A: No, not really. Currently we consider a 10 random character password "safe", but feel free to use longer passwords. Please consider that there are other ways to attack your account besides a brute force password attack. Be aware of the fact that there is no perfect security. <<BR>> https://xkcd.com/538 <<BR>> <<BR>> Q: How about passwords I use on the Internet with my web browser? <<BR>> A: We recommend using a password manager/password generator, like "keepassx", to create and store long (>30 chars) random passwords. We also recommend using the built in web browser password storage, but it is mandatory to use a strong (see above) master password (Firefox: Preferences -> Security -> Change Master Password) when doing so! |
How to choose a good password
A password should be 10 characters or longer. A practical approach for choosing a new passwords is to
ssh login.coli.uni-saarland.de apg -a0 -MNLC -t -m10 -x10
Passwords generated this way will take on average approximately 64 years to be broken by a 8xTitan-X GPU cluster node.
Linux / MacOS
To change your password please log in with SecureShell (ssh) to 'login.coli.uni-saarland.de' and enter the command "passwd".
ssh login.coli.uni-saarland.de passwd
Note: Changing your password will invalidate old Kerberos Tickets and thus sessions. Make sure to log out from all Kerberos enabled systems and/or do a kinit to get new tickets. An invalid Kerberos Ticket might be the reason you have no access to your home directory anymore. (As of September 2016 the shares are not Kerberos enabled yet. This will change though)
Windows
Press CTRL-Alt-Del and select "Change Password". Windows passwords are independent from Linux / MacOS / Mail passwords.
Email / Web Server
Your email password is the same as your Linux / MacOS password.
More information on passwords
A password should be
- kept secret
- changed on a regular basis
- not be easy to guess by others (like your Matrikelnummer or 'klausi1' for instance)
- new, do not reuse your old password(s)!
Diceware
A very good way to create hard to guess, yet easy to remember passwords (or passphrases) is to employ the "diceware" method using real world, physical dice. In short
- roll a dice 5 times,
- look up the word which corresponds to the result using an existing list of words,
- repeat until you have 6 words.
- Your 30 dice rolls yielded ~77 bits of entropy which is now encoded in the 6 words you chose.
A more detailled description including word lists for many languages can be found here:
http://world.std.com/~reinhold/diceware.html
Mini FAQ
Q: If I use more than 10 characters I am more secure, right?
A: No, not really. Currently we consider a 10 random character password "safe", but feel free to use longer passwords. Please consider that there are other ways to attack your account besides a brute force password attack. Be aware of the fact that there is no perfect security.
https://xkcd.com/538
Q: How about passwords I use on the Internet with my web browser?
A: We recommend using a password manager/password generator, like "keepassx", to create and store long (>30 chars) random passwords. We also recommend using the built in web browser password storage, but it is mandatory to use a strong (see above) master password (Firefox: Preferences -> Security -> Change Master Password) when doing so!