Unauthorized use of equipment, sharing of passwords, etc.

John Shott shott at snf.stanford.edu
Wed Feb 14 14:01:20 PST 2001


SNF Lab Members:

Earlier this week we found an instance of an unauthorized user operating a
piece of equipment that they had enabled by logging in as someone else (who
was authorized to use that piece of equipment).

The first person has been banned from using SNF until early April and the
person who gave away their password will not be allowed to use the lab for the
next month.

Lest there be any possible confusion as to our policies, let me clarify:

Under no circumstances it is OK to log in as someone else to use equipment in
their name!!! Nor is it acceptable for someone to enable equipment that you
use "in their name". Anyone found acting in this way will be banned from the
lab for a similar period ... as will the person who gave away their password
or enabled the equipment.

Why is this our policy?

1. We expend a great deal of effort in training individuals to use each piece
of equipment in the lab because many pieces of equipment are complex, use
hazardous chemicals, have high voltages, etc.  While I'm sure than many will
point out that our existing training could be improved or more rigorous ...
there are plenty of good reasons (including the welfare of the equipment, the
health and safety of all in the lab, and liability issues) that we go to such
lengths to keep specific track of who is authorized to use each piece of
equipment.  Unauthorized use of equipment undermines all of that and greatly
increases our collective risk of facing serious problems in the SNF.

2. Our charging algorithm is based on the individual user.  Enabling equipment
in someone else's name, in effect, allows two people to work for the cost of
one ... assuming that one of them reaches the monthly cap.  The current policy
is that each individual is subject to their own cap ... as long as that is the
policy, we expect that all lab members will follow that policy.  Because we
are contrained to operate on a break-even basis, anybody who "underpays" by
charging their equipment time to someone who is going to reach their cap
effectively increases the costs born by the vast majority of folks who play by
the rules. That unfairly punishes those who follow the rules.

If these policies are unclear in any way, please do not hesitate to contact
me.

Thanks for your cooperation and continued support,

John


p.s. If there are any of you out there who feel a sudden urge to change your
password, you can do so by issuing the command "passwd" to a window with a
sunray prompt.  This will prompt for your old password, and then (twice) for
your new password.  Note: you actually have an account on snf as well (which
typically has the same password).  Accordingly, you will probably also want to
go to snf.stanford.edu (using "ssh snf" which will prompt you for your old
password there ...).  Once on snf, you can issue the "passwd" command there
and go through the same exercise to change your password there.

p.p.s.: Because of different encryption methods, any of you using remote coral
have also set your "Remote Coral" password ... this may be changed with the
"Set Remote Coral Password" on the LOCAL Coral client.



More information about the labmembers mailing list