# Account maintainance commands ## Normal users ### Create new account 1. Have the following information ready: * Full name * Cellphone number 2. Pick a username: * Start with the initials of the user * Include also second letter of either first name or surname * Add a trailing number if necessary (or better: third letter of first name or surname) * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery! 3. Generate some random passwords and create the account using a good one (pronaouncable but meaningless) of those codes: (user=; gpw && adduser $user && chage -M30 -W14 $user) * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!) * Room number: Primary group within the organisation * Work phone: POTS phone number (optional) * Home phone: Cellphone number * Other: leave this blank for now (do not unclude email hints yet!) 4. Compose an email based on the introEmail skeleton: * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient. * Add \@users.kaospilot.no as Cc:. * Add tech@lists.kaospilot.no as Reply-To:. 5. Send a cellphone text message to the new user with the following text: Here is your new password. It MUST be changed within 14 days - read https://wiki.kaospilot.no/BrugerKonto and check your mail. The code is: Or in danish: Her er din nye adgangskode. Den SKAL ændres inden 14 dage - læs websiden https://wiki.kaospilot.no/BrugerKonto og check din mail. Koden er: FIXME: Gør denne rutine semi-automatisk: Valg af adgangskode og udsendelse af sms bør ske automatisk. ### Attach groups to account 1. Attach the account to relevant organisational groups: (user=; for group in [ ...]; do adduser $user $group; done) ### Add/replace additional email addresses to account ## Extend password lifespan When a user has changed password into something personal, the password lifespan is extended to 1 year: (user=; chage -M360 -W30 $user) TODO: The above command should ideally never ever be invoked manyally, but automatically through PAM ## Reset password (user=; gpw && finger $user && passwd $user && chage -M30 -W14 $user) ## Warn about password expiry 1. Notice log messages warning about passwords soon expiring 2. Send a cellphone textmessage with the following content: You must change your password - it soon expires! Read how and why at the web page http://wiki.kaospilot.no/BrugerKonto Or in danish: Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://wiki.kaospilot.no/BrugerKonto TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway. ### Locate users with short password lifespan (group=; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done)