shell script
Steve Phillips
steve at focb.co.nz
Mon Apr 7 16:01:57 UTC 2008
mark wrote:
> Ok, I've never had to create a thousand new users....
>
> Paul M. Whitney wrote:
>> In that wrapper script, you could also generate a changeme type password but
>> also append some unique character to each one such as first and last letter
>
> Or the student's ID would work (unless the college uses SSN (WHICH THEY SHOULD
> NOT), in which case it's back to generating one).

Sorry to be pedantic but..
Student ID? Easy to get - 'hi, what's your student ID number?' or 'hey,
can I see your student ID card'. People don't treat these things as
'private', and if you are using this as a first-time password, it would
be relatively trivial to crack if someone were determined.
And appending a couple of characters? It would take seconds for a
dictionary bash to go through every possible combination, and while this
_may_ show up in the logs, how often do you sit at your desk simply
watching logs scroll? I am guessing you have real work to do.

>> in the user login or append the UID to the password. However you approach
>> it, you can still use the convention of creating multiple cookie-cutter
>> passwords, but also give them "some" uniqueness to "lessen" account
>> compromise.

As soon as you work out a password 'system' then someone can reverse
engineer it and exploit it. Completely random, changed on first login,
alphanumeric with special characters and at least 8 characters long.
Pair them with the username in a file somewhere, print them out, cut the
resulting printout up and hand them to the students when they first
arrive. If the student can't find it within themselves to type 8
characters on a keyboard when they first arrive then they don't deserve
to use the computers.

>>
>> Also, you may want to automatically lock any account that is not used in
>> some fixed amount of days such as 30/45/60 or something like that.
>
> For a college, I'd think 15 or 20 days.

This has little to do with assisting in preventing account compromises
as most accounts would be compromised within the 15 day period :-)
Can still be a good idea at times tho just to assist in system cleanup -
be careful tho that the system is turned off over the break periods :-)

--
Steve.
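
The approach described in the message above (completely random passwords, paired with the username in a file, changed on first login), as an added example that is not part of the original post. The function names, the file names, the 12-character length and the special-character set are assumptions; the accounts are assumed to exist already, and `chpasswd` and `chage` are the standard shadow-utils tools.

```shell
#!/bin/sh
# Added example, not from the original thread.
PW_LEN=${PW_LEN:-12}    # assumption; the post asks for at least 8

# Print one random password holding a letter, a digit and a special character.
# Filtering /dev/urandom through tr keeps every allowed character equally likely.
gen_password() {
    while :; do
        pw=$(head -c 512 /dev/urandom \
            | LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*_+=-' \
            | head -c "$PW_LEN")
        [ "${#pw}" -eq "$PW_LEN" ] || continue             # too few usable bytes
        case $pw in *[A-Za-z]*) ;; *) continue ;; esac      # needs a letter
        case $pw in *[0-9]*) ;; *) continue ;; esac         # needs a digit
        case $pw in *[!A-Za-z0-9]*) ;; *) continue ;; esac  # needs a special
        printf '%s\n' "$pw"
        return 0
    done
}

# Read login names (one per line) on stdin, write "user:password" lines.
make_credentials() {
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        printf '%s:%s\n' "$user" "$(gen_password)"
    done
}

# As root: set the passwords, then expire them so that each account
# must choose a new password at its first login.
apply_credentials() {
    chpasswd < "$1" || return 1
    cut -d: -f1 "$1" | while IFS= read -r user; do
        chage -d 0 "$user"
    done
}

# Driver (as root): sh first_pw.sh users.txt first-passwords.txt
if [ "$#" -eq 2 ]; then
    umask 077    # the credential file is readable by root only
    make_credentials < "$1" > "$2"
    apply_credentials "$2"
fi
```

The credential file holds cleartext passwords, so delete it once the slips have been printed and handed out.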