Educause Security Discussion mailing list archives

Re: Question on student user accounts


From: Derek Diget <derek.diget+educause-security () WMICH EDU>
Date: Tue, 21 Jun 2005 14:53:34 -0400

On Jun 21, 2005 at 11:59 -0400, Cal Frye wrote:
=>We had used a similar format, with an initial "S" for student, "F" for faculty,
=>etc. If there was no middle initial, we substituted an "X" as a placeholder, and
=>followed with four random digits. Obscure, so there were also email aliases of
=>firstname.lastname type. F'instance, my student uid would have been SCJF1234,
=>and my email address cal.frye () oberlin edu. But you might understand why Emily
=>Young, with no middle initial, found this scheme somewhat inappropriate ;-)
=>
=>Might I suggest some algorithm using lastname first, i.e. FryeCJ? This makes a
=>simple alpha sort of username produce something useful... That's not, of course,
=>how we do it ourselves nowadays ;-)

Our Bronco NetIDs for students are in the form of first initial, last
digit of year of enrollment followed by last name.  When we started we
were truncating at 8 characters total length and exchanging the last
characters with a number to generate uniqueness.  Our faculty/staff
usernames are first initial + last name.  As we decommissioned
machines/applications that were limited to 8 character usernames we
started extending them to 15 characters about 18 months ago.

So some examples would be

b0bronco - Buster Bronco (the name of our mascot) if they were
        admitted in 2000

b5bronco - Above, but admitted this year.

j3smithjone1 - Second occurrence of J* SmithJones admitted in 2003.

We started this naming convention in 1999 and with ten years before
account reuse (4 or 5 years of student being enrolled on average. Yeah,
right :), the overlap was not going to be a big issue since the majority
of accounts would have been "dead" for a couple of years.

Up till about a year ago, you could have both accounts depending on your
status.  Since then, we have moved to a single account and applications
are using the eduPerson[Primary]Affiliation attributes to determine your
active roles.  So we now have faculty/staff that have a username in the
student form and "students" that are in the faculty/staff form.  We are
also in the process of rolling out Sun's Identity Manager to provision
users into our LDAP which includes POSIX information for our Sun and
Linux workstations, OpenVMS, Banner, and Luminis environments.  (All
backed with Kerberos.)  Once that is rolled out we will be adding AD and
NetWare.

With these changes we have been in the battles/discussions of having a
username based on your name and how that might affect all of these
systems when marriage/divorce happens, etc.  We have not come up with an
answer that a majority of us can agree on. :(

Oh, we accept mail in the form of uid@domain, but the "official" e-mail
address for everyone is a first.last variation.  99% of the outbound
mail gets rewritten to the official form by the e-mail gateways.  We just
can't get every vendor application to not auto-generate e-mails in the form
of uid@domain where uid is the login username for the application :(


--
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************
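
The student NetID scheme described in the message above, as an added example that is not part of the original post or of WMU's provisioning code. The function names, the sample people and the collision rule (overwrite the tail of the name with a counter starting at 1, inferred from the single `j3smithjone1` example) are assumptions.

```python
import re


def base_netid(first, last, year, max_len=15):
    """First initial + last digit of enrollment year + last name, truncated."""
    surname = re.sub(r"[^a-z]", "", last.lower())  # drop hyphens, spaces, etc.
    return (first[0].lower() + str(year % 10) + surname)[:max_len]


def assign_netid(first, last, year, taken, max_len=15):
    """Return a NetID that is not in `taken` and record it there.

    Assumed collision rule: replace the last characters of the base name
    with a counter (1, 2, ...), so the result never exceeds max_len.
    """
    base = base_netid(first, last, year, max_len)
    candidate, n = base, 0
    while candidate in taken:
        n += 1
        suffix = str(n)
        candidate = base[:len(base) - len(suffix)] + suffix
    taken.add(candidate)
    return candidate


def demo():
    taken = set()  # constructed directory; retired NetIDs are never removed
    return [
        assign_netid("Buster", "Bronco", 2000, taken),
        assign_netid("Buster", "Bronco", 2005, taken),
        assign_netid("Jane", "SmithJones", 2003, taken),
        assign_netid("John", "Smith-Jones", 2003, taken),  # second J* SmithJones
        # The year digit wraps after ten years: 2010 maps to "0" again.
        assign_netid("Bella", "Bronco", 2010, taken),
        # The original 8-character limit, with a collision after truncation.
        assign_netid("Christopher", "Vanderbilt", 2004, taken, max_len=8),
        assign_netid("Carol", "Vanderbilt", 2004, taken, max_len=8),
    ]


if __name__ == "__main__":
    for netid in demo():
        print(netid)
```

Because retired NetIDs stay in `taken`, the 2010 entry is issued as `b0bronc1` instead of reusing `b0bronco`.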
