Red Hat Enterprise Linux 5 Administration Unleashed

Best Practices 217Managing UsernamesThere are many username styles:. First name of the user such as tammy. First initial of the first name followed by the last name such as tfox. Three-letter initials for the user such as tcf. First name followed by a period followed by the last name such as tammy.fox. First name followed by a period, followed by a middle initial, followed by the lastname such as tammy.c.foxWhen selecting a style to use, be sure to ask yourself if it is scalable. For a homecomputer, using the first name of each user might work because most members of afamily don’t have the same name. However, this method does not scale in a corporateenvironment that might have five to ten people named Joe. Using the first initial of thefirst name followed by the last name might work for a corporation as long as there is analternative style if more than one person has the same username combination. Forexample, what do you do with a Joe Smith and a Jocelyn Smith? Unless they start atexactly the same time, the first one to join the company will have jsmith for a username.For the next person, consider using his middle initial as well or spelling out his first nameif it is short. A similar concern exists for the three initial method—more than oneemployee might have the same three initials.In the end, try to be consistent with the style you choose.Managing PasswordsBy default, a user account is enabled when the password is set with the passwd command,the password does not expire, and the account is never disabled due to lack of activity.Enterprise administrators are constantly considering the security implications of theirprocedures. Thus, consider forcing users to change their passwords on a regular basis suchas every quarter to increase security. Also consider locking the account if the user does notchange his password after it has expired.Another good practice is educating users on why they should not give their passwords toanyone else and why they should not write it down anywhere others can find it. If usersdo not understand the security risks, they are less likely to keep their passwords secure.9When asking users to set or change their passwords, give them tips for selecting a goodpassword such as the following:. Use a combination of letters, numbers, and special characters to make it harder forsomeone to guess your password.. Do not use obvious passwords such as any combination of your name or the nameof a family member.. Do not use your birthday or a family member’s birthday.