An observation from changing my password
I've changed my password at work, or started to change it at least (this will be an extended process). Doing this has reinforced some things that I know but rarely think about, and exposed a surprising inconvenience in how I do things.
The big thing is that you don't really remember how many machines you have accounts on until you try to work out how many different places you need to change your password. This is not really an issue for users (if us sysadmins are doing our job right, they change their password once and it magically propagates everywhere), but as a sysadmin I have access to all sorts of isolated machines that are not part of our password propagation system. Which means that I get to change my password on all of them, assuming that I can remember what they all are.
(In looking at this, I see that
usermod on Linux machines actually
has an option to just staple a new encrypted password into place. This
reduces the problem to running a command as root on most of those
machines, which is a mostly solved problem around here. In fact, I was
already using 'run a command everywhere' to check
/etc/shadow to see
if I'd updated my password by looking at the last-changed field.)
The surprising inconvenience is that I have set up ssh identities to give me passwordless access to my account on most machines; in fact, a lot of my usual environment relies on it. This did not strike me as a problem until I changed my password and suddenly started wanting to type the new one as much as possible to reinforce it in my mind and my fingers. Suddenly all of that passwordless access was inconvenient as well as convenient, since it meant that I'm really not typing my password all that much. This has both surprised and amused me, because sometimes I am easily amused by the perversities of life.
(Turning my ssh identities off completely would likely make various
parts of my environment explode in even less convenient ways, so I've
resorted to modifying an
ssh cover script I already had lying around
to turn this off, and using the cover script periodically just to
reinforce things. You might wonder why I have an
ssh cover script
lying around, one that I do not mind hacking up this way; the answer is
that it's set up to ignore my known-hosts file, which is very convenient
when you keep reinstalling virtual machines that you want to
Comments on this page:Written on 05 September 2010.