# Account maintainance commands [[template id=note text=""" In commands, Don't take square and angle brackets literally: * \ should be replaced with your own info - including the angle brackets * [This] is optional parts of the command - including the square brackets """]] ## Normal users ### Create new account 1. Pick a username: * Start with the initials of the user * Include also second letter of either first name or surname * If necessary, add third letter of first name or surname (or a trailing number) * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery! 2. Create the account: localadduser [] [...] * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!) * Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136 * Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains 3. Send a cellphone text message to the new user with the following text and the password spit out from the command above: Here is a temporary password for your account. You MUST change it within 14 days. More info at http://wiki.homebase.dk/BrugerKonto . Password: Or in danish: Her er en midlertidig adgangskode til din konto. Du SKAL skifte den inden 14 dage. Mere info på http://wiki.homebase.dk/BrugerKonto . Koden er: 4. Compose an email based on [[introemail]] skeleton: * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient. * Add \@homebase.dk as Cc: * Add hostmaster@homebase.dk as Bcc: * Add teknik@lists.homebase.dk as Reply-To: TODO: Automate more: sending out sms and email should happen automatically. ### Attach groups to account 1. Attach the account to relevant organisational groups: (user=; for group in [ ...]; do adduser $user $group; done) ### Add/replace additional email addresses to account Use the following command to change hinting of an existing user account: chfn ## Update email address info in smtp server 1. Run this command: localmaildomainprepare 2. Check and correct warnings, and repeat above command. 3. When satisfied with result, run this command: localmaildomainupdate FIXME: localmaildomainupdate should email diff file to postmaster@homebase.dk ## Extend password lifespan When a user has changed password into something personal, the password lifespan is extended to 1 year: (user=; chage -M360 -W30 $user) TODO: The above command should ideally never ever be invoked manyally, but automatically through PAM ## Reset password 1. Reset the actual password using the following command: (user=; gpw 10 11 && finger $user && passwd $user && chage -M30 -W14 $user) 2. Send a cellphone text message similar to the one for creating a new account. TODO: Write a script to do the above + inject a self-chosen password + warn before resetting + spit out sms ## Warn about password expiry 1. Notice log messages warning about passwords soon expiring 2. Send a cellphone textmessage with the following content: You must change your password - it soon expires! Read how and why at the web page http://wiki.kaospilot.no/BrugerKonto Or in danish: Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://wiki.kaospilot.no/BrugerKonto TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway. ### Locate users with short password lifespan (group=; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done)