AFS Password Rules Enforcement

  Lionel Cons CN/DCI

Unfortunately, computer systems everywhere are increasingly at risk from malicious hacking attacks, and those at CERN are no exception, as a growing number of incidents has demonstrated. The high level of interconnection of today's systems means that a successful attack on one machine may put many others at risk.

A proven defence against this trend is to make passwords harder to guess, even by the quite sophisticated means available to many hackers. The service managers of systems run by CN earnestly ask for your cooperation and understanding in making this happen. Yours could be the next account to be attacked, either causing you a loss of work or endangering the accounts of others. The CERN Computer Centre Coordination Committee (C5) has decided to take some measures to help you choose better passwords.

The first step is to enforce some rules (like a minimum length) when changing an AFS password. If the new password is too weak, it will be rejected and an error message explaining precisely what is wrong will be issued. Users who need more details about the rules can find some information on the Web:

These rules are now enforced on all machines running AFS at CERN.