If you have forgotten your Fermi or Services password, or want to guard against forgetting them in the future, please use the Password Reset Tool. To do a routine password change, follow the instructions below.
Changing your Central Authentication Passwords
How you change your Fermi Windows domain password depends on whether your computer is a member of the Windows domain:
From a Domain System
From a non-Domain System
Change Your Kerberos Password For information on how to change your Kerberos Password access
Changing Your Fermi Windows Domain Password From a Domain System
If your desktop machine is a member of the Fermi domain you can change your password in the following ways:
From your Computer
From the main Windows XP or Windows 7 screen, press Ctrl + Alt + Delete to bring up the Windows Security dialog box. Select Change Password... to bring up the Change Password dialog box.
Windows XP: Choose from the pop-up list or type in the domain or system for which you want to change your password. The one to which you are currently logged on is displayed. You must first enter your old password, then the new password must be entered twice, for confirmation. Click OK to complete the change.
Windows 7: The interface is slightly different. Pressing Ctrl + Alt + Delete brings up the following screen:
Select Change a password
Enter the required information to change your password. If you are trying to change your password for a different domain enter DOMAIN\Username in the top text box.
If you have problems changing your password, contact the Service Desk at ext 2345 or submit a ticket via http://servicedesk.fnal.gov.
Changing Your Fermi Windows Domain Password From a Non-Domain System
If your desktop machine is not a member of the Fermi domain you can change your password in the following ways:
From a machine in the Fermi domain
Log on to any PC that is a member of the Fermi Windows domain and is either onsite or using a lab VPN connection. You will be prompted to change your password.
Windows XP or Windows 7 Desktop/Laptop
You must have a .FNAL.GOV address for the following to work. Obtaining an IP address via DHCP while on the Fermilab site or by establishing a VPN connection to FNAL will give you a .FNAL.GOV address.
VPN account information can be found at: http://computing.fnal.gov/vpn/
- Press Ctrl+Alt+Del to open the Windows Security dialog box.
- Select Change Password.
- Enter your username and domain in the User name text box in this format: username@fermi.win.fnal.gov (Windows 7 users - there is a help link on this screen)
- The Logon to text box should be grayed out.
- Enter your old password in the Old Password text box.
- Enter your new password in the New Password text box.
- Re-enter the new password in the Confirm New Password text box.
- Click OK.
If Ctrl-Alt-Delete doesn't bring up the security dialog, you are using the WinXP Welcome screen. You must turn that off in order to change your password. To turn it off:
- Bring up the Control Panel (Start -> Settings -> Control Panel)
- Double click on "User Accounts"
- Click on "Change the way users log on or off"
- Clear the box next to "Use the Welcome Screen"
- Click on "Apply Options"
- Follow the instructions above to change your password (Ctrl-Alt-Delete etc)
- Change the "Use the Welcome Screen" option back if you wish.
From a non-Windows system
Fermi and Services passwords can also be changed from properly configured non-Windows systems (Linux, Mac or Unix) by opening a terminal window and using one of these commands at the command line prompt:
kpasswd username@FERMI.WIN.FNAL.GOV
or
kpasswd username@SERVICES.FNAL.GOV
Where username is your Fermi account name.
The FNALU Linux nodes are properly configured to use kpasswd. If you are attempting to do this operation from a system that is not on the Fermilab network, the VPN must be used.
If you have any questions, please contact the Fermilab Service Desk at ext 2345 or http://servicedesk.fnal.gov.
Password Guidelines
Choose a unique password with the following characteristics:
- Does not contain your name or username.
- Contains at least ten characters.
- Contains characters from each of the following three groups:
  - Uppercase and/or lowercase letters
  - Numerals (0 through 9)
  - Symbols (characters that are not defined as letters or numerals, such as !, @, #, and so on)
- Is very hard for a person or program to guess
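The mechanically checkable guidelines above can be tested before a candidate password is submitted. The following is an added example, not Fermilab's own tooling; the function name `check_password` and the three-character minimum for name parts are assumptions of this example, and the "very hard to guess" guideline is not something it can verify.

```python
MIN_LENGTH = 10          # "Contains at least ten characters"
NUMERALS = "0123456789"  # "Numerals (0 through 9)"


def check_password(password, username, full_name=""):
    """Return a list of guideline violations (empty list = none found).

    Hypothetical helper for illustration. It never stores or logs the
    password; it only inspects the string it is handed.
    """
    problems = []
    lowered = password.casefold()

    # Guideline: does not contain your name or username.
    # Compared case-insensitively. Name parts shorter than 3 characters
    # (initials) are skipped; that threshold is an assumption.
    tokens = dict.fromkeys(t.casefold() for t in [username, *full_name.split()])
    for token in tokens:
        if len(token) >= 3 and token in lowered:
            problems.append(f"contains name or username part '{token}'")

    # Guideline: at least ten characters.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Guideline: characters from each of the three groups.
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c in NUMERALS for c in password):
        problems.append("no numeral")
    # A symbol is any character that is neither a letter nor a numeral.
    if not any(not c.isalpha() and c not in NUMERALS for c in password):
        problems.append("no symbol")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("JSmith2024!", "abcdefghijkl", "Tr0ub4dor&3x"):
        print(candidate, "->", check_password(candidate, "jsmith", "Jane Smith") or "ok")
```
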
Please treat your Kerberos password as a sacred object, and adhere to the following rules:
- Your Kerberos password must be known only to you.
- Make sure that you do not write it down anywhere that someone could find it.
- Do not put it in a file (encrypted or not).
- As a usual practice, type it only at the console of a system on which you authenticate.
- Only on very rare occasions, when you have no other choice, may you pass it over a network connection. The connection MUST BE ENCRYPTED. Verify that ALL connections in the chain are encrypted.
- Choose a character string different from your Kerberos password for all other passwords and other objects. (The one exception: your passwords for the FNAL.GOV and FERMI.WIN.FNAL.GOV realms can be the same.)
- If you mistakenly type your Kerberos password over the network on an unencrypted channel, please change your password immediately!