Login Information:

User name

Each user is assigned to a unique login in the central authentication system (hereinafter referred to as CAS). This login user is used to log on to servers that use CAS for authentication. CAS is built on LDAP servers. The purpose of CAS is to authenticate users, i.e. to verify their digital identity.

A login that is no longer active will not be assigned to any other user.

The login format is uniform:

• The length of the login is 7 characters, consists of ASCII characters of lowercase English alphabet and has the format xy123ab, where
• xy are the first letters of the user's first name and surname,
• 123 is an integer from 000 to 999, including leading zeros,
• ab are the letters of the alphabet a to zexcluding the letter l(lowercase L) due to possible confusion with the number 1.
• The string 123ab is generated by CAS.

Password

Entering the password is the second step in single-factor authentication. A password is something the user knows.

Password properties:

• Minimum length is 8 characters
• when creating a unique login, the CAS system generates an initialization password.

Password usage policy:

• It is forbidden in any way, intentionally or unintentionally, to publish your password or to enter your password in foreign, not TUKE, information systems, e.g. Gmail POP3 Mail Fetcher.
• For security reasons, passwords are set to expire, which is a mechanism to force password change. Before password expiration:
  • user is notified of the impending expiration of the password by mail and
  • the user is obliged to change the password before the expiration date.
• After expiration, the password is invalid and the user can no longer log in or change the password.
• The new password must comply with the password security criteria (password structure, inadmissibility of entering a previously used password as a new password, or a significant degree of similarity of the new password to a previously used password, ...) that are implemented in operating systems and applications. If the new password does not meet these criteria, the system does not accept it.

By disclosing their login and password, the users will give access to all servers and / or services for which they have been given access.

User's password disclosure policy

If a user discovers his/her password has been disclosed, they are obliged to:

• promptly, if possible, change the password and
• report this fact immediately to the Dispečing ÚVT in person for identity verification purposes
• If the user cannot change the password because the password has already been changed by the attacker in a security incident, then the "User forgotten password procedure" is applied.

User forgotten password procedure

If a user has forgotten his password, follow these steps:

• User identity verification. The user must unequivocally prove his / her physical identity in order to enable the verification of ownership of the digital identity to be verified by physical presence and by means of a trusted document - identity card, passport in the case of an alien, employee or student card.
• Change password. An authorized employee will generate a new password for the user.

Changing your password without verifying your identity is prohibited; e.g. it is prohibited if based on email or phone communication.