[IUG] Password changes on Innovative server
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Date: Tue, 25 Oct 2011 17:23:44 +0000
- From: "Helmick, Nancy" <helmick dot 1 at osu dot edu>
- Subject: [IUG] Password changes on Innovative server
Our campus IT has implemented a policy that forces password changes every 90 days on every university machine, as is probably true on many other campuses these days. When they configured this requirement on our Innovative server, they set it at the UNIX level. As a result, one day all staff who logged into a telnet session discovered that the password had expired. Whoever was the first person to open a telnet session was able to change it, virtually locking anyone else in the department from logging in (we have departmental, not staff specific, logins). This impacted our telnet sessions only, not our Millennium sessions.
Eventually I discovered that changing the password at the UNIX level caused corruption of our contention groups, the statistical group numbers, printer IDs and the group names (substituting a set of garbage characters). Once I managed to get the IT group to back out of what they had installed, I discovered that the logins that were totally corrupted and had to be deleted and rebuilt from scratch.
Changing the password at the application level is not "seen" at the UNIX level and changing the password at the UNIX level just corrupts the login entirely.
What I'd like to know is whether or not anyone else has experienced this and what you did to resolve it? Surely others are required to regularly change the passwords on your machines? We got a temporary reprieve, but still have to figure out how to comply with the university's security policy. We've reduced the number of telnet sessions to some degree, but each dept must still use it to walk student assistants through the changes to their personal passwords.
Nancy L Helmick
Information Technology Division
The Ohio State University Libraries
490C Science & Engineering Library
175 W 18th Ave
Columbus, OH 43210
helmick dot 1 at osu dot edu
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--- StripMime Report -- processed MIME parts ---
text/plain (text body -- kept)