From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search

All user passwords are stored in LDAP on Einstein. LDAP is a system for distributing passwords to many client systems and having only one place where the actual passwords are stored (as cryptic hashes).

Basic Password Change

To change your password, log into one of our servers (but not Einstein, since it is broken), for example, and execute "passwd". The program will then prompt you for your old password, and twice for your new password. After that your password is changed. You have a year before your password expires and needs to be changed again.

Password rules: You need to make sure you use a strong password. It must contain more than 8 characters, have lower case and upper case characters, include a number, and include a symbol (~!@#$%^&*()+-{}[]\|;"'?/.,)

Sysadmin changing password for user

This is basically not a good idea, and worse if you have to email the password to the user. You cannot do this with "passwd" if you do not know the current user's password, so you will need to manipulate the password directly in the LDAP database. You can use JXplorer for this. See LDAP After you change their password, you ALSO need to change the "shadowLastChange" to something later, like 398 days before now, so that the password you set expires soon and the user needs to update their password with "passwd".