.@ Tony Finch – blog

Once more, Pat Stewart does my dirty work. (I’m amused that none of my colleagues suggested toning down the sarcastic bit!)


Since the summer, insecure access to Hermes has been forbidden to new users. We are planning to extend this rule to the whole University by next summer. In preparation for the next step, this term we have been monitoring usage of Hermes to make a list of easy cases.

Next Monday, 14th November, we will withdraw insecure access to Hermes from those users who have not used insecure configurations - that is, from those users who should not be affected by this change.

We are also deprecating the ~/mail folder name prefix. On Monday we will also disable the backwards-compatibility support for those who do not need it.

Although these changes should not affect too many users, our list of insecure users is still growing so this change will affect some people. This is inevitable whatever time we pick.

After Monday we will have somewhat over 9,000 users to reconfigure, which is a rather daunting prospect. We are proposing to sort them by affiliation before working through them, so that users in a department or college will be dealt with together, rather than in dribs and drabs. We will send a list of affected users to the relevant support staff a reasonable amount of time before they will have to change: although the timetable is ambitious we don’t want to turn it into a mad rush.

We hope this process seems fair to computer officers and techlinks. If you have any suggestions for ways in which we can make it less painful, please contact <postmaster@hermes.cam.ac.uk> - though if anyone suggests not doing it at all, we will consider giving them a particularly strict timetable. The details are deliberately vague at the moment because we expect to refine them based on experience.

For background information and links to the documentation of the correct settings for Hermes, see http://www.cam.ac.uk/cs/email/securehermes.html