kpasswd(TC)

Syntax

Description

To change a principal's network password, enter kpasswd followed by the name of the principal. Enter the principal's current network password (when prompted), then enter the new password (when prompted).

If no arguments are specified, kpasswd looks at the user's current network credentials and finds the principal name to which they are assigned. If that fails, kpasswd uses the current login name as the principal name.

The following options are supported:

-host

change the host password for the local machine and put the correct key (and version) in the /krb5/v5srvtab service key table. kpasswd does not prompt for the old password because it is already in the key table. If the old password is not in the key table, an error message is printed. In that case, enter kpasswd -host -init to re-initialize the host key (you are prompted for a new password).

-host -random

same as -host, but uses a pseudo-random key instead of prompting for a new password.

-host -init

use this option to enter the key for a machine principal that has just been added to the Security Registry to the host's /krb5/v5srvtab file. You are prompted for the host key.

-checkhost

verify that the correct service key is stored in the key table. kpasswd returns a status of 0 if the host key is correct, and 1 (error) if there is no host key, the host key is wrong, or the Registry cannot be contacted. kpasswd also writes a single line of text to the standard output. The text displayed is either SET or NOTSET, depending on whether or not the correct service key is stored in the key table. Use this option in configuration scripts.

See also

Standards conformance