Passwords

Connecting to an IDRIS machine is done with a user login and an associated password. Ada, Adapp, Turing and Ergon all use one and the same password per login account.

During the first connection, the user must indicate the “initial password” and then immediately change it to an “actual password”.

The initial password

What is the initial password?

The initial password is the result of the concatenation of two passwords (respecting the order):

  1. The first part consists of a randomly generated password from IDRIS which is sent to you by e-mail during the account opening or during a reinitialisation of your password. It remains valid for 20 days.
  2. The second part consists of the user-chosen password (8 alphanumeric characters) which you provide on the “Account creation request form (GENCI)” link during your first account opening request (if you are a new user) or when requesting a change in your initial password (using the FGC form).
    Note: For a user with a previously opened login account created in 2014 or before, the password indicated in the last postal letter from IDRIS should be used.

The initial password must be changed within 20 days following transmission of the randomly generated password.

Changing the initial password to an “actual password” (which is entirely created by you) is triggered automatically during your first connection to an IDRIS machine (see below: "Example of using and changing an initial password during the first connection"). If this first connexion is not done within the 20-day timeframe, the initial password is invalidated and an e-mail is sent to inform you. In this case, you just have to send an e-mail to to request a new randomly generated password which is then sent to you by e-mail.

An initial password is generated (or re-generated) in the following cases:

Account opening (or reopening)

An initial password is formed at the creation of each account and also for the reopening of a closed account.

Loss of the actual password

  • If you have lost your actual password, you must contact to request the re-generation of a randomly generated password which is then sent to you by e-mail. You will also need to have the user-chosen part of the password you previously provided in the FGC form.
  • If you have also lost the user-chosen part of the password which you previously provided in the FGC form (or was contained in the postal letter from IDRIS in the former procedure of 2014 or before), you must complete the “Request to change the user part of initial password” section of the FGC form, print and sign it, then scan and e-mail it to or send it to IDRIS by postal mail. You will then receive an e-mail containing a new randomly generated password.

Example of changing an initial password to an actual password during the first connection

You would like to use your initial password (and you do not have the ssh key to connect) and then change it to an “actual password”. Below is an example of the first connection and creating the “actual password” for the login1 account on Adapp.

Recommendation : Before beginning the procedure, carefully prepare the new password which you will enter (see Creation rules for "actual passwords" in section below).
Important note: The initial password will be requested two times.

$ ssh login1@adapp                                                         
login1@adapp's password:                ##Enter your INITIAL PASSWORD##
Last login: Fri Nov 28 10:20:22 2014 from machine.idris.fr
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user login1.
Enter login(    ) password:              ##Re-enter your INITIAL PASSWORD##    
Enter new password:                      ##Enter your new password##
Retype new password:                     ##Re-enter your new password##
     password information changed for login1
passwd: all authentication tokens updated successfully.
Connection to adapp closed.
$ 

You will be immediately disconnected after entering a correct actual password (“all authentication tokens updated successfully”). You may now re-connect using your new actual password.

The actual password

Once your actual password has been created and entered correctly, it will remain valid for one year (365 days).

How to change your actual password

As each login account has its own unique password, you can change your password at any time by using the UNIX command passwd directly on any of the computers. The change is taken into account immediately for all the machines. This new actual password will remain valid for one year following its creation.

Creation rules for "actual passwords"

  • It must contain a minimum of 12 characters.
  • The characters must belong to at least 3 of the 4 following groups:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Special characters
  • The same character may not be repeated more than 2 times consecutively.
  • A password must not be composed of words from dictionaries or from trivial combinations (1234, azerty, …).

Note:

  • Your actual password is not modifiable on the same day as its creation or for the 5 days following its creation. Nevertheless, if necessary, you may contact the User Support Team to request a new randomly generated password for the re-creation of an initial password.
  • A record is kept of the last 6 passwords used. Reusing one of the last 6 passwords will be rejected.

Password expiry

If, despite the warning e-mails sent to you, you have not changed your actual password before its expiry date (i.e. one year after its last creation), your password will be invalidated. As in the case of losing an actual password, you must contact to request the re-generation of a randomly generated password which is then sent to you by e-mail. You will also need to have the user-chosen part of the password you previously provided in the FGC form.

Account blockage following 15 unsuccessful connection attempts

If your account has been blocked as a result of 15 unsuccessful connection attempts, you must contact the IDRIS User Support Team.

Account security reminder

You must never write out your password in an e-mail sent to IDRIS (User Support, Gestutil, etc.) no matter what the reason: We would be obligated to immediately generate a new initial password, the objective being to inhibit the actual password which you published and to ensure that you define a new one during your next connection.

Each account is strictly personal. Discovery of account access by an unauthorised person will cause immediate protective measures to be taken by IDRIS including the eventual blockage of the account.
The user must take certain basic common sense precautions:

  • Inform IDRIS immediately of any attempted trespassing on your account.
  • Respect the recommendations for using SSH keys.
  • Protect your files by limiting UNIX access rights.
  • Do not use a password which is too simple.
  • Protect your personal work station.