|
|
Public Labs Require Passwords (and Other Important Changes)
|
| |
|
|
| |
|
|
| |
|
| |
|
|
|
Passwords in the Labs
|
| |
This fall, we are making two significant changes to the way you logon to ADN
systems and the way we deal with the passwords for your ADN accounts. These
changes affect any member of the UIC community -- faculty, staff, or registered
student -- who uses the Computer Center's public personal computer labs, our
central UNIX machines, or our VM/CMS mainframe. In short, everyone. Including
you.
Usually when we add features, we try to be "backward compatible," so that you
don't have to know what is going on if you don't want to. But we can't do that
this time, so please wake up now. Here goes:
1 You must logon with a valid ADN
netid and password to use any machine in the ADN
public personal computer labs.
If you don't have an account, or you forget your password, you can't use the
public machines at all -- no printing, no word processing, no games, no nothing.
(There is one exception -- you will be able to create your ADN account if you
don't already have one.) In other words, using any machine in an ADN public
personal computer lab will require you to log onto a Novell server account (which
will, in turn, supply the operating system for the personal computer), in the
same sense that using an ADN central UNIX machine requires you to log onto your
UNIX account. Just as there is no charge for the use of ADN UNIX and CMS accounts,
there is no charge for ADN Novell server accounts.
2 If you have accounts on
more than one machine (this means, for example, accounts on both UICVM and
tigger, or accounts on both icarus and the ADN lab Novell servers), we are going
to synchronize all your passwords.
So if you change your password on any of your accounts, all of your other accounts
will automatically have their passwords changed for you. If you don't remember
this, you will be rather frustrated the next time you try to log onto your other
account(s). (The synchronization only applies to ADN
machines. Accounts on machines run by other campus units are unaffected.)
|
|
| |
|
|
|
Don't Panic Yet
|
| |
Our timeline for introducing these changes is:
- As of now --
- You can logon to a personal computer in an ADN PUBLIC lab using your netid
and a valid password from icarus, tigger, or UICVM -- a fully verified logon
-- or logon as a guest and use the personal computer exactly as you have before.
Please use this time to try out the full personal computer logon. Get a netid,
create your account, ask the consultants to change your UNIX or CMS password,
or do whatever is necessary to make the fully verified logon work for you.
Use the guest logon only while you are getting your own account to work.
- Nov 1 (or soon after) --
- The guest logon will be disabled. Only fully verified logons and new account
creation will be allowed.
- Nov 1 (or soon after) --
- Password synchronization will begin. When this happens, all of your current
ADN passwords will expire and you'll be asked to change your password the
next time you logon using any ADN account. Thereafter, changing your password
on any ADN machine will result in that same password being used for all your
ADN accounts.
|
|
| |
|
|
|
What This All Means
|
| |
There are several benefits to these changes, and several ramifications you should
be aware of.
|
|
| |
|
|
|
The Benefits
|
| |
- Only one password to remember instead of many.
- Students (and others) using the ADN public labs will be assigned permanent
disk space (2 MB for students). So you won't have to carry a floppy around
all the time anymore.
- Email and posting to Netnews/Usenet newsgroups will be enabled from the
ADN public labs. For email, you will have the choice of using Eudora (storing
your mail on your Novell server account) or pine (storing your mail on your
UNIX account). (Actually, using Eudora on the personal computers will come
later, after we work out some configuration issues.)
- Easier identification of your printed output; your netid will be on the
header page rather than the number of the machine you're using. This should
reduce the frequency of lost output.
- Teachers will be able to put files on their personal Novell accounts and
access them -- or allow students to access them -- in the ADN public labs
or in the Electronic Lecture Centers without Computer Center intervention.
- Improved security.
|
|
| |
|
|
|
The Gotchas
|
| |
It is not possible to achieve these benefits without changing things a lot. So
please be aware of these potential problems.
The most important ones are:
- If you log onto a public machine, don't leave it without logging off! This
is crucial -- you are responsible for the misuse of your account by others.
And besides, you don't want others to trash your files, infect you with a
virus, or send mail in your name, do you? (Click the Logoff icon, or
turn off or reboot the machine.)
- You must use your netid to logon to the Novell servers. Even if you have
a valid CMS account, we will not accept its U-number as your logon id in the
ADN labs. This also means that faculty and staff who have not already selected
their netids should do so; see your department's
Publications phonebook contact person. (Students are assigned netids automatically.)
Some other ramifications:
- Don't share your password with anyone. Sharing passwords has always been
(which can lead to account suspension), but now even more so. Sharing your
password means sharing access to all of your accounts, not just one.
- We will precreate Novell accounts for everyone with a valid netid who doesn't
already have an ADN Novell account. (Faculty and staff who have Server Services
on their office machines already have Novell accounts; others don't.)
- In the future, anyone who creates a tigger, icarus, or UICVM account will
automatically be given a Novell account if they don't already have one.
- Obviously, the rules for what constitutes a valid password must be the same
on all machines. On some machines, then, these rules will become more strict
than you are used to.
- A few people actually have multiple accounts on the same physical machine
(mostly on UICVM). Passwords for multiple accounts on the same machine will
not be synchronized with each other. But the password for your primary account
on UICVM will be synchronized with your tigger and/or icarus and/or Novell
accounts.
|
|
| |
|
|
|
OK, enough jargon. What does this really mean to you?
|
| |
- If you use the public labs:
- In most cases, you will be able to turn the machine on, type in your netid
(your Novell login id), type in the password from your valid icarus, tigger,
or UICVM account (which will all be the same after we begin password synchronization),
and use the lab machine, be it Mac or Windows. In addition, your H:
drive will soon be permanent -- you'll be able to leave files there and retrieve
them later, even if you use a different machine. But please log off (click
the Logoff icon, or turn off or reboot the machine)when you leave.
If you are new at UIC or you don't already have an account on some ADN machine,
you must create one before you can use the personal computers in the ADN public
lab. You'll need your university i-card ID, and if you're a faculty or staff
member, you must also have selected your netid
before you can open your account. (See your department's phonebook contact
person.) Then just turn on any machine in an ADN public lab, select "Account
Create", and fill in the requested information.
Students should select an account on icarus (our Sun UNIX machine) and faculty/staff
should select an account on tigger (our IBM UNIX machine). In either case,
a Novell account will be created in addition to the UNIX account. (Even if
you don't plan to log onto UNIX directly, you'll need the UNIX account for
email.) If, for some reason, this account creation procedure fails, then take
your i-card to an ADN consultant and ask for an account.
If you have an account on tigger or icarus and one account on UICVM:
- Life is good. Your passwords will be synchronized, and you'll have a Novell
account to use in the ADN public labs. But if you want to use the password
from your CMS account when you logon in the ADN public labs, be sure your
netid is associated with that UICVM account first! (If you don't know what
this means, log onto UICVM and enter: acl
This returns various information about your CMS account, including the netid
that is associated with it. If you have a netid, but acl lists your netid
as <none>, either enter: netid on CMS, or stop by the Client
Services Office to have this fixed.)
- If you already have Server Services in your office:
- You can log onto your Server Services Novell account in the ADN public labs,
but you must specify your full Novell context to do so. This does mean, however,
that you can access your private files during a teaching session, without
the need for Computer Center intervention.
If you don't know your Novell context, go to the machine you normally
get Server Services on and enter the command: Z:\CX
Your context will be returned; for example, my login and context is:
bobg.NetworkApplications.comp.uic |
- Typing your full context when you log in from the ADN public labs is less
convenient than typing a simple netid, but the fact that you can access all
your personal files from many different machines should more than make up
for it.
If you have multiple accounts on UICVM:
- Only one of your CMS accounts will be considered "primary", and only that
account will have its password synchronized with your UNIX and/or Novell account(s).
(A word to the wise: CMS is not in the long term future plans at UIC, although
it will still be here for a few years. If you want some advice on how to move
to UNIX or Novell or your personal computer, ask the consultants.)
|
|
| |
|
|
|
No, no, not quite enough jargon. What is really going on here?
|
| |
The nature of computing is becoming strongly distributed. This is obvious for
the WWW, but also on campus, where people might need to use different computers
at different times, different locations, or for different capabilities. In general
the ability to do this is good, because it lowers the price of flexibility. But
it makes account and file management a real nightmare for both you and our staff,
unless we reorganize things. The long-term goal is to let you concentrate on your
real work, and let you customize your computer environment to suit your work needs,
without necessarily turning you into an expert on distributed computer architecture.
So far, in an important sense, most computers on campus have been individual
entities that you must be explicitly aware of in order to use them. There are,
of course, some important exceptions to that statement. (For example, people
with Server Services accounts can use the Novell servers without knowing the
details, and Web clients can use our Web pages without knowing which server
is contacted.)
But in general, if you use tigger (or icarus or UICVM or Server Services in
your office), you must explicitly log onto tigger (or icarus or UICVM or Novell).
For both security and functional reasons, we need to add yet another system
to this list, namely the Novell servers accessed from the public labs. But we
are reluctant to add yet another password to yet another system for yet another
service. So we are using this opportunity to make One Small Step for Real Distributed
Computing.
No, password synchronization is not the end-all and be-all of distributed computing.
But it is a first important step towards the goal of: 1) walking up to some
computer, 2) identifying yourself to that computer as a person (in the same
way, no matter which computer), and 3) obtaining some service for which you
are authorized, not caring exactly how or where on the net that service is performed.
This step is only one of many to come. Almost all steps will take the form
of added features, and will not require you to change behavior that you don't
want to change. But authentication and passwords and general security play such
a fundamental role that it is best to get started on this now.
Comments are appreciated; send them to
Bob Goldstein, bobg@uic.edu |
|
