[OpenAFS] renaming principals (Was: One of my users has married - what to do? )

John Hascall john@iastate.edu
Mon, 30 Apr 2007 00:30:31 CDT

> >For us (iastate), they can certainly log into the unix account within a
> >few minutes, if moira's incrementals aren't sadly swamped.
> So how do you synchronize with the meatware? (the user who's getting
> the rename).  That was really the point of that paragraph.  I'm not
> considering the case of renaming all your users on Friday afternoon :-)
> Here's my typical scenario: the user tells me (via phone, in person,
> whatever), they need a rename.  I tell them back, "okay, pick a new
> password".  I do all my backend magic (by whatever means you want)
> and we're done.  Doesn't matter if I use Moira, hand-editing the
> password file, or whatever.  Although it will be less typing with Moira.

   We do it pretty much just like that.  The user faxes/calls/visits,
   the help desk enters a new Net-ID, answers "yes" to "are you sure?".
   And now, because of !&@!&@* WebCT they go to a different
   screen and enter a new password -- about quadrupling the time and
   being not nearly as convenient for long-distance changes where the
   person isn't present to enter their own new password).

   And as Tracy said, typically it's all done before they can walk
   across the room to the public machines to try it out.   Though
   sometimes longer during peak change periods.