More security in the computing center!

Password management with Kerberos

Since 7/1/2002, a new login procedure has been in use in the HP-Pool (UNIX). Instead of the previous insecure NIS servers, a Kerberos server is now used. At first the user notices nothing, because the existing NIS passwords are carried over to the Kerberos server for a short transition period. These are the initial passwords on the Kerberos server. After the transfer the user receives an e-mail asking them to change the password.

Where do I use which password?

There is only one password for all services of the Computer Center.

Where may I enter my password?

The password may only be entered on WWW pages of the Computer Center (RZ) or sent to its servers. In particular, passing it on to third parties is not permitted under the user regulations! Storing the password with so-called e-mail collection services also counts as passing it on and is not permitted.
A list of the supported RZ services with which you may use your password can be found here.

Why do I need to change my password?

Passwords get old. Every time you use your password, there is a probability that it will get into the wrong hands. There are different ways this can happen; here are some examples:

  • someone watches your keyboard while you are typing the password
  • you saved your password in your e-mail client and, when you give your computer away, forget to delete the password
  • a virus on your computer records your password while you enter it
  • you entered your password in the wrong place (e.g. the user ID field) and now the password is saved to a log file or sent by mail
  • someone was able to listen in on the communication between your PC and the mail server

Over time this will result in an insecure password, which will be known to more people than you would like.

How can I change my password?

You can find the WWW interface to our Password Change Service at the following URL:

You can use the interface for the following tasks:

  • change your current password
  • store a mobile phone number, so that you can easily change your password in case you forget it
  • receive a new initial password at the previously stored mobile number, in case you forgot your password. The initial password needs to be changed afterwards.

Optionally, you can use the UNIX command passwd to change your password.

If your password has expired, you can change it on your own; see change Password. If you have forgotten your password and you did not save your mobile number on our server, you need to write an e-mail to the Service Desk with a copy of your ID and the express request to reset your password, or you can visit the User Service Center (please bring your ID).

What happens if I do not change my password in time?

Once the change deadline has passed, you can no longer retrieve mail via POP or IMAP or transfer files via ftp to your home directory or to the WWW server. Of course, you can still change your password after the deadline has passed. To do so, you can either log in via ssh or telnet (telnet is not recommended because the transmission is not encrypted), in which case a change dialog is run automatically. Or you can call up the WWW interface for changing the password. After the change you can use POP, IMAP or ftp again immediately.

What requirements must my password meet?

When you use https://ps.tuhh.de/cgi-bin/passwd, the following requirements are enforced for your password:

  • The password must not contain your account name or part of your name.
  • It has to be at least 12 characters long and not longer than 20.
  • It must contain at least one character from three of the following character classes:
      - upper case characters: A-Z
      - lower case characters: a-z
      - numbers: 0-9
      - these additional characters: !#$%()*+,-./:;<=>?@[]_{}
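
The rules above can be checked locally before submitting a new password. The following is an added example, not the Computer Center's own code: the function names are hypothetical, "part of your name" is assumed to mean any word of the real name with at least three letters (compared case-insensitively), and characters outside the four listed classes are assumed not to count toward any class.

```python
import re

# Special characters exactly as listed in the policy above.
SPECIALS = set("!#$%()*+,-./:;<=>?@[]_{}")
MIN_LEN, MAX_LEN = 12, 20


def name_fragments(account, full_name, min_fragment=3):
    """Account name plus each word of the real name (assumed reading of
    'part of your name'); fragments shorter than min_fragment are ignored."""
    words = re.split(r"[\s\-.,']+", full_name)
    return {w.lower() for w in [account, *words] if len(w) >= min_fragment}


def character_classes(password):
    """Return the set of policy character classes present in the password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
    return found


def policy_violations(password, account, full_name):
    """Return a list of human-readable violations; empty list means OK."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} outside {MIN_LEN}-{MAX_LEN}")
    lowered = password.lower()
    for frag in sorted(name_fragments(account, full_name)):
        if frag in lowered:
            problems.append(f"contains name fragment '{frag}'")
    classes = character_classes(password)
    if len(classes) < 3:
        problems.append(f"only {len(classes)} of 4 character classes used")
    return problems


# Constructed sample data, not real accounts or passwords.
if __name__ == "__main__":
    for pw in ("Blue.Tram-at7am", "erika2002erika", "short1A"):
        print(pw, "->", policy_violations(pw, "em1234", "Erika Mustermann") or "OK")
```
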

Why do the passwords have to be so long?

Computers are becoming more powerful. The speed at which passwords can be determined increases constantly. With Kerberos, it is no longer as easy as it was with the previous system to obtain the password information of the entire pool and then use it at home, or on another computer, to determine all passwords. Nevertheless, it is also possible with Kerberos to determine passwords if someone obtains Kerberos-internal information. Determining a password becomes more difficult the longer the password is. We decided on 10 characters.

How can I remember such a long password?

With 10 characters you can easily form a short sentence and separate the words with special characters or with upper and lower case. You may write down your password if you protect your notes well against access by others. This is easy to achieve if you keep the note in your purse.

What does the changeover do?

Instead of the previous insecure NIS server, the computers are connected to the existing Kerberos server. Most users notice nothing of this at first, since their previous NIS passwords are carried over for a short transition period as the initial passwords on the Kerberos server.

Where do I get further information?

For further questions please contact the User Service Center, E-Mail: USC(at)tu-harburg.de