Stanford University School of Earth Science
 
Home
News
New Users
Policies
Network File Server
Web Server
Get Help
Net Connections
Your Macintosh
Your Windows PC
Your Unix/Linux System
Other School Resources
Using Unix

Changing your pangea password

Last revision June 13, 2006

This page describes the process of changing your pangea local password. This password is specific to your pangea account and is used only to access services on pangea, including the account maintenance web server, ssh command line logins or X-window tunnels, sftp or ftp file transfers, webmail for your @pangea.stanford.edu email account, and file sharing to Windows or Macintosh computers.

Your local pangea password is not the same as your SUNet ID password. Your SUNet ID password is used to access University-wide (not just Earth Sciences) services, including your @stanford.edu email account, protected web sites such as Axess, and computers in the general university clusters in Tresidder, Meyer Library, and Sweet Hall. Pangea will accept your SUNet ID password for ssh and Samson command-line logins, and for kerberized POP and IMAP email client programs, but not for the other pangea services listed above. Use the StanfordYou web site to change your SUNet ID password.

Some of the services on pangea, such as ftp, request your local pangea password in unencrypted (plain text) form. There is a small chance that a hacker could capture such as a password as it travels across the network. If this happens, and your local pangea password is the same as your SUNet password, then the hacker would have access to your important University records. Please make your local pangea password different from your SUNet password.

When you first get a pangea account, you are assigned a temporary local pangea password by the system manager. You must change that to a password of your own choosing as soon as possible. Until you change it, some services on pangea will not work for you. If you don't change it within two weeks, the account will be deleted and you will lose access to all pangea services. This is for security reasons.

You can also change your pangea password at any time, which helps maintain security of your account if your password is captured or guessed by a hacker. It's a good idea to change it at least once per year.

Obviously, when you change your pangea password, you want the connection to pangea to be encrypted to keep your new password secure. You have two options for changing your password. You only select one of these options.

  • You can use the special secure pangea account maintenance web server, which encrypts your session with SSL. Once connected, select the Change Password application. Don't forget to logout from this server when you are done!

  • You can use any ssh client program to make an encrypted command-line (terminal) login and then run the UNIX program passwd, answering its prompts. If you have a new account, and have not already changed your password using the account maintenance web server, you will be automatically prompted to change the password the first time you make a command-line login, and will not be able to run any other UNIX commands until you do so.

In either case, you will first be asked to enter your current password. This means your current local pangea password, not your SUNet password. For new accounts, this is the temporary password given to you by the system manager. Then you will be prompted to enter your own new password. For security reasons (to prevent someone looking over your shoulder), the old and new passwords that you type will not be shown on the screen. Therefore, you will be asked to enter your new password twice, to make sure that you did not make a typing error, which would otherwise set the password to something other than what you intended.

Please remember that although both of these password changing methods encrypt your communication to pangea so that your password cannot be captured while traveling across the network, if you use an insecure computer, for example, a public computer in an Internet cafe, it is possible that such a computer may be hacked and have a "keystroke logger" that captures your password as you press the keys on the keyboard. Please be sure to use a computer that has been properly secured any time you login to Stanford services.

For advice on choosing a strong password see this note. The password setting program on pangea will reject your new password if it matches any part of your own name, or any word, proper name, or common pattern found in a large dictionary of English and foreign words, or any common word with one or two characters preceding or following it, such as "99orange" or "orange!?". Your new password must be from six to eight characters long.

If you forget your password, the pangea system manager can set a new one for you. He cannot discover what your old password was, but he can give you a new temporary one, which you can then change to one of your own choosing.

 


Comments?

Stanford University    |