Password Policy

Table of Contents

1. Rules for Creating Passwords
2. Changing a Password at First Login
You must change your password the first time that you log in to the tc.cornell.edu domain (CTC_ITH).
3. Changing a Password After It Expires
You will be prompted to change your password at least every 185 days.
4. Changing a Password at Any Time
Yes, you may change your password at any time.
5. After Changing a Password
6. Password Expiration Date
7. Locked Accounts
8. Help
9. Staff-Specific Issues

 
1. Rules for Creating Passwords

Do not share your password. Each user should be the only one to know the password for his or her account. Well-chosen passwords are essential to preserve the integrity of the system and individual user accounts.
 
Each password must have at least eight characters.
 
Each password must contain at least three of the following four elements among its first eight characters:
 
uppercase letters
lowercase letters
special characters
digits
 
Do not use a space in a password. A space will cause the command used to register your password with the batch system to fail and you will not be able to run batch jobs.
 
Do not form a password by appending a digit to a word--this type of password is easily guessed.
 
Each password must differ from the user's login name and any permutation of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
 
New passwords should differ from the old by at least three characters.
 
Never leave your password in plain text (unencrypted) in any of your files. Passwords stored in this way are easily stolen.
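
The composition rules above can be checked mechanically before a password is submitted. The following Python checker is an added example, not code from CTC; the function names, the use of ASCII punctuation as "special characters", the position-by-position difference count and the word-plus-digit heuristic are assumptions, since the page does not define them.

```python
import string


def differing_chars(old, new):
    """Assumed metric: positions that differ, plus the difference in length."""
    mismatches = sum(a != b for a, b in zip(old, new))
    return mismatches + abs(len(old) - len(new))


def check_password(new, login, old=None):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(new) < 8:
        problems.append("shorter than eight characters")
    if " " in new:
        problems.append("contains a space")
    # Character classes are counted only among the first eight characters,
    # so a digit or symbol placed at position nine or later does not help.
    head = new[:8]
    classes = [
        any(c.isupper() for c in head),
        any(c.islower() for c in head),
        any(c.isdigit() for c in head),
        any(c in string.punctuation for c in head),  # assumed definition
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes in first eight characters")
    # Any permutation of the login name; upper and lower case are equivalent.
    if sorted(new.lower()) == sorted(login.lower()):
        problems.append("is the login name or a permutation of it")
    # Heuristic (assumption): only letters followed by one digit is "word + digit".
    if len(new) > 1 and new[:-1].isalpha() and new[-1].isdigit():
        problems.append("looks like a word with a digit appended")
    if old is not None and differing_chars(old, new) < 3:
        problems.append("differs from the old password by fewer than three characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate in ("Tr4il-mix", "abcdefgh1!A", "Sunrise7", "Tr4il mix!"):
        print(candidate, "->", check_password(candidate, "jdoe") or "ok")
```
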
 
 
2. Changing a Password at First Login

When you are issued a login id, you should first log on to a CTC Login node (ctclogina.tc.cornell.edu, ctcloginb, ctcloginc, or ctclogind). This first login must be done using a Remote Desktop Connection (Terminal Services Client); trying to log in by using SSH will fail because SSH does not prompt you to change your password.
 
You will be prompted to change your password.  Refer to the Rules for Creating Passwords.
 
After you change your password, you will be logged in.
 
If you plan to use the CTC batch system or MPI, follow the instructions associated with After Changing a Password.
 
3. Changing a Password After It Expires

Your password will expire after 185 days. If you log in to a login node (ctclogina, ctcloginb, ctcloginc, ctclogind) using a Remote Desktop Connection (Terminal Services Client), the behavior will be as described below. If you log in by using SSH, you will not be prompted to change your password. Eventually the password will expire and you will not be allowed to log in via SSH.
 
About a week before your password expires, you will be asked if you want to change it. You can do it then or wait until it expires.
 
If your password has expired, you will be prompted to change it, consistent with the Rules for Creating Passwords.
 
Be sure that you have no other open connections to any CTC resources:
 
The only open interactive session should be the one in which you are changing the password. Failure to do so will lead to the system locking your account. Disconnecting is not enough.
 
Log off all other sessions connected to login nodes.

Log off all remote connections to other CTC machines.
 
Disconnect locally mapped drives to the CTC file server. If you do not do this, the system will automatically lock your account.
 
After you change your password, you will be logged in.
 
 

4. Changing a Password at Any Time

If your password has not yet expired, you can log in to the CTC login nodes and change your CTC password at any time. You will want to do so if you feel that your password has been compromised in any way. For example, suppose you think that someone else knows your password or you are concerned that you issued your password in a nonsecure setting that would have led to sending it in clear text.
 
Log in to one of the CTC Login nodes (ctclogina, ctcloginb, ctcloginc, ctclogind) using a Remote Desktop Connection (Terminal Services Client).
 
Be sure that you have no other open connections to any CTC resources as discussed in the previous section.
 
Issue the following key sequence, in order, holding down all keys until the sequence is complete: Ctrl Alt Delete. This will bring up a Windows Security screen. Select Change Password... and follow the instructions.
 
After you change your password, you will remain logged in.
 
If you plan to use the CTC batch system or MPI, follow the instructions associated with After Changing a Password.
 
 
5. After Changing a Password

Batch: After each password change, register your password with the batch system by issuing vsched -pa from any CTC login machine.

MPI: After each password change, register your MPI/Pro password by issuing the mpipasswd command from any CTC login machine, which creates an encrypted file required by MPI/Pro. If you do not, your MPI jobs will fail.

If you have a job running when your password expires, the current process will complete. However, any MPI cleanup or processes that start after the password is changed will not run unless the password has been changed using mpipasswd before that part of the process begins.
 
 
6. Password Expiration Date

How do I know when my password expires?

At a command prompt on a machine in the CTC_ITH domain, issue the command

net user <your login id> /domain

and look for the line "Password expires".
 
7. Locked Accounts
 
There have been instances in which user accounts have been locked.  Some common causes of locked accounts and the solutions are listed below:

Mistyping your password several times in a row.
Solution: Wait about 1/2 hour and then try again. Be sure that your caps lock key is not on!
 
Attempting to connect to a CTC machine via SSH, SFTP or mapped drive with an expired password.
Solution: Wait 1/2 hour, then try to log on to a CTC login node using a Remote Desktop Connection. See
 
Trying to log in by using SSH will fail because SSH does not prompt you to change an expired password.
 
Failing to log off all other sessions connected to login nodes.
Solution: Log off all remote connections. Disconnecting the sessions is not enough.
 
Failing to disconnect locally mapped drives to the CTC file server before changing your password.
Solution: Disconnect all locally mapped drives, wait 1/2 hour until the account is unlocked, and then re-map the drive with the new password.
 
If you can't log on or can't wait: Contact the Allocations Coordinator. Let us know you are locked out. We'll look for your disconnected sessions and log you off. Then you should be able to log on again with your new password.

Owners of accounts that have been inactive for 6 months will be contacted. If no response is received, accounts will be disabled.
 
8. Help

Please contact the CTC consultants for questions concerning this document or contact the Allocations Coordinator for help with passwords.
 
9. Staff-Specific Issues
CTC staff should also review further instructions.