Automated Password Reset

From UGCS

The automated password reset program allows users to semi-automatically reset passwords. It is a series of three scripts, located in /afs/.ugcs/ugcs-admin/pwreset:

  • pwreset_shell.py: This is a shell program for the login account. It prompts the user for which of their alternate addresses they want to use to reset the password. It needs to be copied to /afs/.ugcs/user/passwordreset/pwreset_shell.py so the account can actually read it.
  • pwreset_sendtoken.py: This reads the drop directory for requested resets. It then generates tokens, puts them in /afs/.ugcs/ugcs-admin/pwreset/token_db, and sends an appropriate email.
  • pwreset_doreset.py: This script scans the mail directory of passwordreset for messages with tokens. It then prompts the sysadmin if they want to reset the password, makes a new password, and emails it back to the user.

pwreset.py is a library that contains some common code for the other files.

The tokens are kept in a flat database at /afs/.ugcs/ugcs-admin/pwreset/token_db. It must be kept secure; otherwise a user could read a token and use it to reset a password. Because of this security need, the passwordreset user must *not* have access to the token_db file, so sysadmin intervention is required.
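A sketch of how a token store with these properties can be handled, as an added example that is not the UGCS scripts' own code: the database is created owner-only, only a hash of each token is stored, and redemption is single-use and compared in constant time. The function names, the `user:sha256:timestamp` record format and the 24-hour lifetime are assumptions, and the permission check assumes a local POSIX filesystem where mode bits are enforced (on AFS the directory ACL plays that role).

```python
import hashlib
import hmac
import os
import secrets
import stat
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime; the page does not specify one


def _digest(token):
    # Store only a hash so a leaked db does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db_path, username, now=None):
    """Append a record for username and return the token to e-mail out."""
    token = secrets.token_urlsafe(24)
    now = int(time.time() if now is None else now)
    # Create the file owner-only; an existing file keeps its mode.
    fd = os.open(db_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as db:
        db.write(f"{username}:{_digest(token)}:{now}\n")
    return token


def db_is_private(db_path):
    """True if no group/other permission bits are set on the db."""
    return stat.S_IMODE(os.stat(db_path).st_mode) & 0o077 == 0


def redeem_token(db_path, username, token, now=None):
    """Consume a matching, unexpired token; return True on success."""
    now = int(time.time() if now is None else now)
    if not db_is_private(db_path):
        raise PermissionError(f"{db_path} is readable by other accounts")
    with open(db_path) as db:
        records = [line.rstrip("\n").split(":") for line in db if line.strip()]
    keep, ok = [], False
    for user, digest, issued in records:
        fresh = now - int(issued) <= TOKEN_TTL
        match = user == username and hmac.compare_digest(digest, _digest(token))
        if match and fresh and not ok:
            ok = True  # single use: the matching record is dropped
        elif fresh:
            keep.append(f"{user}:{digest}:{issued}\n")
    with open(db_path, "w") as db:
        db.writelines(keep)  # expired records are purged as a side effect
    return ok
```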

Users

Users use this service by logging in to passwordreset@to.ugcs.caltech.edu. The password is ugcs_pwreset. The shell prompts them for their username and lets them pick from the email addresses they have on file. It is then up to a sysadmin to run pwreset_sendtoken.py and pwreset_doreset.py.
