Changing password at first login
When you are issued a CAC user name, you should first log in to a login node. You will be prompted to change your password. You do this just once, and it should change your password for all CAC resources that require a login. Refer to the rules for creating passwords. After you change your password, you will be logged in.
Log in to the Windows login node, winlogin.cac.cornell.edu, using the Remote Desktop Connection client that comes with Windows. (There is also a free client for macOS that you can download from the App Store.) Here are the steps to follow in the RDC client:
- Log in with your CAC user name and your current password (the domain name should be CTC_ITH)
- From the desktop, choose "Windows Security" from the Start menu; or, if you are coming from Windows, enter the key combination Ctrl-Alt-End
- Choose "Change a password..." and enter your old and new passwords as indicated.
Old Password: 0ldpassw0rd!! New Password: newpassw0rd!! Confirm New Password: newpassw0rd!!
Linux and Mac users:
You can follow these steps on the head node of a private cluster; if your CAC project doesn't have a private cluster, you can follow them on linuxlogin.cac.cornell.edu. On many Linux clusters, when you first change your password, you will also be asked for an ssh passphrase. You can leave this blank--just hit the Enter key.
Assume that you have an old password '0ldpassw0rd!!' and a new password 'newpassw0rd!!'.
This what should happen when you do the following in a Terminal client window:
$ ssh email@example.com Password: (ENTER 0ldpassw0rd!!) WARNING: Your password has expired. You must change your password now and login again! Changing password for user your_username. Kerberos 5 Password: (ENTER 0ldpassw0rd!!) New UNIX password: (ENTER newpassw0rd!!) Retype new UNIX password: (ENTER newpassw0rd!!) passwd: all authentication tokens updated successfully. Connection to linuxlogin closed.
If you get a token error it very likely means that the password is not complex enough. Your password must be a mix of any three of the following: lower case letters, upper case letters, numbers and some sort of punctuation to create an 8 character or longer password (it is slightly more complex; don't use your user name or previous password - more info in Password Policy ).
If you have additional trouble, you can use either the rdesktop client (for linux) or the Remote Desktop client (for Windows or Mac) to log into the Windows login node winlogin.cac.cornell.edu, then follow the instructions for Windows above. This gives you better information about password complexity issues during the password change.