Passwords

Connecting to an IDRIS machine is done with a user login and an associated password. Ada, Adapp, Turing and Ergon all use one and the same password per login account.

During the first connection, the user must indicate the “initial password” and then immediately change it to an “actual password”.

The initial password

What is the initial password?

The initial password is the result of the concatenation of two passwords (respecting the order):

  1. The first part consists of a randomly generated password from IDRIS and sent to you by e-mail during the account opening or during the reinitialisation of your password. It remains valid for 20 days.
  2. The second part consists of the user-chosen password (8 alphanumeric characters) which you provided on the “Login Protection Commitment Form” (FCCU) during your first account opening request (if you are a new user) or when requesting a change in your initial password (using the FGC form)
    Note: For a user with a previously opened login account created in 2014 or before, the password indicated in the last postal letter from IDRIS should be used.

The initial password must be changed during the 20 days following transmission of the randomly generated password.

Changing the initial password to an “actual password” (which is entirely created by you) is triggered automatically during your first connection to an IDRIS machine (see below: "Example of using an initial password during the first connection"). If this first connexion is not done within the 20-day timeframe, the initial password is invalidated and an e-mail is sent to inform you. In this case, you just have to send an e-mail to to request a new randomly generated password which is then sent to you by mail.

An initial password is generated (or re-generated) in the following cases:

Account opening (or reopening)

An initial password is formed at the creation of each account, but also for the reopening of a closed account.

Loss of the actual password

  • If you have lost your actual password, you must contact to request the re-generation of a randomly generated password which is then sent to you by e-mail. You will also need to have the user-chosen part of the password you previously provided in the FCCU form.
  • If you have also lost the user-chosen part of the password which you previously provided in the FCCU form (or was contained in the postal letter from IDRIS in the former procedure of 2014 or before), you must complete the “Request to change a user password” part of the (FGC) form, print and sign it, then scan and mail it to (or send it to IDRIS by postal mail). You will then receive an e-mail containing a new randomly generated password.

Example of using an initial password during the first connection

You would like to use your initial password (and you do not have the ssh key to connect): Here is an example of the first connection and entering the “actual” password for the login1 account on Adapp.
Attention: The initial password will be requested two times.
Recommendation : Before beginning the procedure, carefully prepare the new “actual” password which you will enter (see Creation rules for "actual" passwords below)

$ ssh login1@adapp                                                         
login1@adapp's password:                ##Enter your INITIAL PASSWORD##
Last login: Fri Nov 28 10:20:22 2014 from machine.idris.fr
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user login1.
Enter login(    ) password:              ##Re-enter your INITIAL PASSWORD##    
Enter new password:                      ##Enter your new password##
Retype new password:                     ##Re-enter your new password##
     password information changed for login1
passwd: all authentication tokens updated successfully.
Connection to adapp closed.
$ 

You will be immediately disconnected after entering a valid actual password (all authentication tokens updated successfully) and this is normal. You may now re-connect using your new actual password.

The actual password

Once your actual password is validated, it will remain valid for one year (365 days).

How to change your actual password

As each login account has its own unique password, you can change your password at any time by using the UNIX command passwd directly on any one of the machines. The change is taken into account immediately for all machines. This new actual password will again remain valid for one year.

Creation rules for "actual passwords"

  • The actual password must contain a minimum of 12 characters.
  • It must contain characters belonging to at least 3 of the 4 following groups:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Special characters
  • A character may be repeated only 2 times consecutively (that is, not more than twice in a row).
  • A password must not be composed of words from dictionaries or from trivial combinations (1234, azerty, …).

Note:

  • Your actual password is not modifiable on the same day as its creation or for the 5 days following its creation. If necessary, you may contact the User Support Team to request a new randomly generated password.
  • A record is kept of the last 6 passwords used. Reusing one of the last 6 passwords will be rejected.

Password expiry

If, despite the warning e-mails sent to you, you have not changed your actual password before its expiry date (i.e. one year after its last creation), your password will be invalidated. You must then contact to request the re-generation of a randomly generated password which is then sent to you by e-mail. You will also need to have the user-chosen part of the password you previously provided in the FCCU form.

Account blockage following 15 unsuccessful connection attempts

If your account has been blocked following 15 unsuccessful connection attempts, you must contact the IDRIS User Support Team

Account security reminder

You must never write out your password in an e-mail sent to IDRIS (User Support, Gestutil, etc.) no matter what the reason. This would necessitate the immediate generation of a new initial password, the objective being to inhibit the actual password which you published and to ensure that you define a new one during your next connection.

Each account is strictly personal. Upon discovery of account access by an unauthorised person, immediate protective measures will be taken including the eventual blockage of the account.
The user must take certain basic common sense precautions:

  • Inform IDRIS immediately of any attempted trespassing on your account.
  • Respect the recommendations for using SSH keys.
  • Protect your files by limiting UNIX access rights.
  • Do not use a password which is too simple.
  • Protect your personal work station.