Xref: utzoo alt.security:2754 comp.unix.admin:2393 news.sysadmin:3898
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!jjc
From: jjc@unix.cis.pitt.edu (Jeffrey J. Carpenter)
Newsgroups: alt.security,comp.unix.admin,news.sysadmin
Subject: RE: Password Change Policies
Message-ID: <146193@unix.cis.pitt.edu>
Date: 30 Jun 91 02:24:35 GMT
Reply-To: jjc+@cis.pitt.edu (Jeffrey J. Carpenter)
Organization: Univ. of Pittsburgh, Comp & Info Sys
Lines: 43

>Please answer the following questions (or as many as you have
>information for) and return them to me, I will post a summary message to
>the list.
>
>
>1. Do people needing to have their password go to a central site (like
>an Accounts Office) to get their password changed or can they go to any
>computing lab?
>
>2. Do you reset the password to the original password or do you set it
>to something else (what the user requests, what you assign, etc...)?
>
>3. Do you permit password changes over the phone?  If so how do you
>verify that the user is who he says he is?
>
>4. Who is authorized to change passwords (Full time employees, part-time
>employees, accounts office people, lab operators, user consultants,
>etc...)?
>
>5. Please list any other comments not covered by the questions above.
>


I have compiled the responses to my original posting.  It is too large to 
post, so I have made it available for anonymous ftp at FTP.PITT.EDU in the 
directory public/info/general/password-change-policies.txt.  If you do not 
have access to FTP, send me mail and I will mail the file to you.


Thanks to all who responded.



	jeff

--------
Jeff Carpenter

University of Pittsburgh, Computing and Information Services
600 Epsilon Drive, Pittsburgh, Pennsylvania 15238
jjc+@cis.pitt.edu, jjc@pittvms.bitnet
+1 412 624 6424,    FAX +1 412 624 6436