Nexus: Generic Accounts

Generic Accounts

Situations occur in which a service or function exists independently of the individual(s) who provide it. Many examples of this exist on campus:
  • official roles, such as the President or Registrar
  • services, such as the Help Desk in the CHIP, the cashier in Parking
  • systems, such as UWDir (userid uwdir), Usenet News (userid news)
Generic services, such as the above, frequently require access to Email, network storage and network access. Where possible, individuals who perform these services should use their normal UWDir userid for authentication.

Email Issues

Email Addresses

  1. Aliases on a mail server provide a mechanism to advertise a generic address (e.g. uwsa@admmail.uwaterloo) and distribute mail to a simple list of addresses or to a list server facility (e.g. majordomo).
  2. Generic addresses must clearly identify the organizational unit within the University that is responsible for the entry.
  3. Generic entries in UWDir (e.g. ‘president’) may be used to eliminate the need to identify the email host in the address (e.g. president@uwaterloo.ca). These generic UWDir entries are created on request by staff who have the responsibility and authority to make changes to UWDir. The Web-based tools that are used to create UWDir entries may also be used to create the associated Active Directory (Nexus) entry if authentication services are also required.

Email Processing

  1. The simplest situation is where a list of individuals need to receive all messages sent to a generic address. This is supported using aliases, possibly in conjunction with list server software.
  2. Situations exist where it may be desirable to have a separate mailbox associated with the generic function. Some examples are:
    1. Where it is important to separate the storage and management of email to the generic address from other email addressed to the individuals on the distribution list.
    2. Where management of the received email becomes difficult, either because of the volume of the email or the number of individuals who share this responsibility.
  3. The general principle is that individuals authenticate themselves using their personal UWDir identifier and that they are given access to the resources for which they are authorized.
  4. Use of the generic userid and password for authentication is discouraged.
  5. One mechanism for the shared management of email to a generic address would be to make use of an email tracking facility such as the Request Tracker (e.g. IST Request).
  6. For simpler applications (e.g. email to IST HelpDesk), a combination of email processors (e.g. procmail) used in conjunction with UNIX groups provides a possible option for IMAP users:
    1. The generic userid is created (possibly with login via password disabled and with rlogin enabled by one or more of the group members).
    2. A UNIX group is defined containing the userid of the generic address and the userids of individuals who are responsible for email to the address.
    3. Logon to set up the generic account would be by using ssh or rlogin.
    4. An appropriate set of email folders (e.g. inbox, junk mail, …) is created with the appropriate group file permissions.
    5. Email control files (.forward, .procmailrc) are created for automatically processing and filing received email.
    6. Members of the group would then create a link to the generic email folder from their own 'mail' folder and could monitor and manage generic email with their regular email.
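
The folder, control-file and link steps above can be scripted. The following is an added example, not part of the original policy or of any University tooling: the folder names, the procmail binary path and the spam header used in the recipe are assumptions, and the group is expected to exist already. It also includes a check that nothing in the shared folder tree is accessible to users outside the group.

```shell
#!/bin/sh
# Added example: paths, folder names and the spam header are assumptions.

# Create the generic account's shared folders and control files.
# $1 = generic account home, $2 = UNIX group shared with the responsible staff
setup_generic_mail() {
    home=$1 group=$2
    mkdir -p "$home/mail" || return 1
    chgrp "$group" "$home/mail" || return 1
    # setgid on the directory: new folders inherit the group; no access for others
    chmod 2770 "$home/mail" || return 1
    for folder in inbox junk; do
        : >> "$home/mail/$folder"
        chgrp "$group" "$home/mail/$folder"
        chmod 660 "$home/mail/$folder"
    done
    # .forward hands each message to procmail (binary path is an assumption)
    printf '%s\n' '"|exec /usr/bin/procmail"' > "$home/.forward"
    # UMASK=007 keeps anything procmail creates group-accessible, not world-accessible
    cat > "$home/.procmailrc" <<'EOF'
UMASK=007
MAILDIR=$HOME/mail
DEFAULT=$MAILDIR/inbox

# Assumed spam marker (SpamAssassin-style header); file flagged mail in junk
:0:
* ^X-Spam-Flag: YES
junk
EOF
    # Control files stay writable by the owner only
    chmod go-w "$home/.forward" "$home/.procmailrc"
}

# Link the generic folders into a group member's own mail folder.
# $1 = member home, $2 = generic account home, $3 = link name
link_for_member() {
    mkdir -p "$1/mail" && ln -s "$2/mail" "$1/mail/$3"
}

# Print anything under the shared folder tree that "other" can read, write or enter.
audit_world_access() {
    find "$1/mail" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}
```

An empty result from `audit_world_access` means access to the generic mailbox is limited to the owner and the group, so membership in the group is the only thing that needs to be managed as staff change.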

Network Storage

It is often important to allow shared access to files related to a generic service. The preferred way to do this would be to establish a network share with access controlled by a security group. Individuals authenticate using their own personal UWuserid and, through their membership in the appropriate security groups, gain access to their required shares.

Network Logon

In general, users provide their UWuserid and password to authenticate themselves for network services. Problems occur when authorized individuals are not in UWDir, for example in the case of temporary employees.
  1. If it is likely that the employee will require access for an extended period of time (e.g. a student hired for an academic term), creation of a UWDir entry would be appropriate.
  2. For temporary employees hired to perform a specific, short-term function (e.g. cashiers at the bookstore during the 1st week of classes):
    • If access to network shares is not required, this can be accommodated using a local generic userid and password.
    • If access to network shares is required, then a generic userid may be established in UWDir with password control the responsibility of the sponsoring department.

Last updated by Paul Snyder (email snyder at Uwaterloo.ca), December 8, 2003