How do you make memorable passwords? IE:
EoFwD&Taf2... Every Other Friday when Dave & Tammy are free to ... suffix (...) part is a code for what group the machine is in....though it kind of falls apart now that everything in the data center belongs to ITS and we can put different service groups onto the same machine. Like there are 14 servers (I was surprised when ISO told us there were that many....I just know there's a bunch of really old boxes, that haven't been patched or upgraded in over 3 years...that we have tried to get them to upgrade in the past. The last time I touched something they threw a fit that it made everything slow. Our BigIP 2400 failed completely shortly after EOSL...even though we had swapped in 3 refurbs into the HA pair in its final year that they would still sell us support for it, and they had made 0 progress on moving the application to the new servers behind the other BigIP....so I had to move the old servers... Though that was having networking change vlan assignment and update network config type move. This summer's project is a physical move....move from the old racks into the new APC solution. Not sure what the operators are going to do when we retire the old room coolers (they come in every hour to clear the alarms ... which go off again almost as soon as they leave....) Though they did learn their lesson on the APC....the old racks ran off of 3 symmetras...which we keep under 50% and each leg goes to a different UPS (some servers having 3)....we did have a problem where power strips were being loaded up over 50%. So, we did have cascade outages when a power strip overloaded. Nice thing about the APC solution is we don't have to do our own guess math.... It seemed every time one former admin put in a new server, there was a cascade outage. And, these old racks are among the last to move to new racks, because all the mission critical servers are in them.
Yeah, you got paid late this week, because you caused a cascading outage during the maintenance window....actually everybody got paid late. Not entirely sure why payroll processing is done the same weekday night of the maintenance window....and it's the last 'minute' to run it. The box is nearly 7 years old....though it isn't EOSL until April 2014. We did recently get some M4000's....initially with just one CPU card and 128GB of memory....which we'll carve up to run containers for FIS/HRIS and others as needed. And, we had moved the web stack for HRIS a while back to some T5120s....though 16G is kind of tight on those boxes. Only two web containers on them...but we've had disruptions due to running out of memory. At least it's not like the T5120s that the central web site is on....16G machine, with 7 containers....4 of them have 4G phys mem caps on them...can't figure out why the website is having out of memory issues. Though I did recently double the swap from 4G to 8G on those servers.... Anyways...the lesson they learned on the APC...when they were going in...they said it's a real waste to only use 50% of the UPS in the APC solution....so UPS on each side of the enclosure only feeds down their side, so all legs are on the same UPS, though they try to keep them on different phases. Winter storm hits, power blinks, one of the UPSs in the APC enclosure failed. Oops. Now we are back to criss-crossing, etc. They also did decide to really put the stuff on maintenance. There have been UPS outages in the past, where they said we would put them on maintenance....but then when next time happens, we find that they never did. Though the criss-crossing didn't happen until recently (after another outage in January)....it was the monthly generator test, and the transfer switch failed. One side ran down before they figured out how to override the transfer switch to go back to utility power. We also had 2 of the 3 symmetras for old racks run down....was not a fun night.
Good thing I was working late.... They said in the future they would have somebody on hand that can service the generator and transfer switch before doing the test. There were notes in the test log of previous monthly tests that didn't go smoothly, but a manager was able to force something to make it work. Though they said it was a good thing that one time facilities tried to force the transfer switch by sticking a pry bar through it and bouncing on it...didn't succeed, 'cause it would've thrown him across the room among other things.... But, apparently they can't get anybody that will come out anymore for that....so there haven't been any tests since. Hopefully it'll be a quiet Kansas summer with no storms.... Guess the tech that had come out for service after the January outage won't come back. They were teasing him about how he was all gloved up on one hand, and keeping his other hand behind his back while working on our system....then he got to the important part where he needed to put things into bypass first. So, we had to switch to generator for that.... So...ADir goes and hits the test button and tells him he has 20 minutes to do what he needs or he's getting zapped. And, he wasn't kidding. Of course, the example password isn't real....but EOF is real, and it's coincidence that it currently falls on payday.
Our real root passwords are currently 8 characters (5 character prefix and 3 character suffix)....this is the first year that users can have passwords longer than 8 characters, and security wants minimum password length changed from 7 characters to 14 for the next password change window (but doesn't look like we can get rid of the last remaining Solaris 8 servers by then)...also wants to eliminate the change window and go to 6 month expiration, though the latter is more to cut down on calls from people complaining about why they have to change their password when they just changed it just before the change window....happens since they tend to have a lot of new hires start in July... (change window is ~6 weeks starting on the first of the month when fall and winter semester starts)...I started in July, and I was kind of annoyed at first...spent all that time crafting a new password and having to come up with a different one so soon (and yet other systems still use that first password I had, or did until I accidentally typed it into an IRC channel (one of the ones I use to chat with other admins on campus)). My desktop isn't tied into the central AD....and I type the password a lot, because screensaver times out at 5 minutes and locks (though somewhere after I upgraded to Windows 7...the locking part often failed, sometimes even the screen saver wouldn't work....wasn't until it got too bad that I googled for the registry fix). Policy is that our desktops lock at 20 minutes, though I once worked at a place where the policy was 5 minutes....though admittedly, 2 of the 3 people on the committee were running seti@home.... I'm pretty sure DoD policy is 10 minutes (though they recommend shorter if possible). I want to say that state policy is 60 days on passwords, but the university is exempt. I heard they are looking at two-factor authentication now....though last year the ID office has stopped putting smart chips on our ID cards.
The only places that were using them were the library and CIS. The library was first, because they are open to the public so there's a need for public use of the lab computers in the library, but limit certain resources (namely 'free' printing) to students. They were also the only place that had vending machines that could use the chip. CIS later got some Sun Rays and played around with using that. But, those vending machines started wearing out....so once the library stopped having those vending machines, the ID center stopped putting them on ID cards. Plus it's the same system they use for military ID cards, and there had been a couple times where the machines got stolen. I know they do use the smart chip for 2-factor authentication at Ft. Riley. Library vending machines now take credit cards, including the RFID ones. Maybe they'll put RFID in the university ID card. Though probably won't cut the number of cards I carry around. I have a University ID card (the mag strip is used to get me in through staff doors at the library), a department photo ID (which we're supposed to have visible when working around campus....) which has no special features on it. And, a blank RFID card....mine opens just my office and the datacenter. But the new guy that administers the system, just issues new RFID cards that'll open everything. I've thought about losing mine, so I can get access to some of the other rooms that I occasionally need to go into. Though we've also challenged why people that have no business in the datacenter, get access to it (and since the mainframe went away, there's nobody sitting at the window to watch if people go in through the loading door to the datacenter). The other 3 doors have people around them, network operations center is by one door, our group is by another, and currently IT security and networking are by the other....but they keep saying they want to move networking group to an office building away from campus.
Well, move all of IT to a building far away from campus (and a secondary data center). Ignoring that...that building was along the path of the tornado that hit in June 2008, fortunately the tornado hopped over that building before touching down again on campus. The news station's weather camera was on a tower on campus, and it got to watch itself being taken out by the tornado. I also hate that the department ID's badge hole is for horizontal form...and the RFID card is for vertical. Other groups on campus have vertical ID cards... Though I've thought about getting a new department ID card, especially since it was issued for the department that ceased to exist a few weeks after I started. That summer I was waiting to hear from 3 universities about jobs. All of them were undergoing reorgs... I ended up at the one that didn't let the reorg get in the way of making an offer. Sometimes I wonder if I should've waited. Of course, previous job...I relocated from Alberta (Canada) to Ohio...into a 6 month contract to hire position. People knew, including some that weren't supposed to...and involved in my hiring, of an impending major change....5 weeks after I started the company was acquired....by a Canadian company. 6 month contract turned into 16 months before I was hired, and even then it was a major thing to happen...but the VP of HR was quitting, so she slipped me in before she did. Good times....

On 5/14/2011 6:44 PM, Tracy Reed wrote:
> On Sat, May 14, 2011 at 06:25:54PM -0500, Lawrence K. Chen, P.Eng. spake thusly:
>> Manager commented the other day, that it's interesting that most of root
>> password prefixes are about people leaving us. Found a server that wasn't in
> What do you mean by "root password prefix"?
>

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: [email protected]
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
