kpasswd(TC)


kpasswd -- change authenticated login password

Syntax

kpasswd [ principal ]
kpasswd -host [ -init | -random ]
kpasswd -checkhost

Description

kpasswd changes the password assigned to a principal in the Registry maintained by the SCO Security server. root can also use kpasswd to set or change a machine principal's password, and to update the machine's /krb5/v5srvtab key table file accordingly. With the -checkhost option, root can use this command in scripts to verify that the host's correct service key is stored in the key table file.

To change a principal's network password, enter kpasswd followed by the name of the principal. Enter the principal's current network password (when prompted), then enter the new password (when prompted).

If no arguments are specified, kpasswd looks at the user's current network credentials and finds the principal name to which they are assigned. If that fails, kpasswd uses the current login name as the principal name.

The following options are supported:


-host
change the host password for the local machine and put the correct key (and version) in the /krb5/v5srvtab service key table. kpasswd does not prompt for the old password because it is already in the key table. If the old password is not in the key table, an error message is printed. In that case, enter kpasswd -host -init to re-initialize the host key (you are prompted for a new password).

-host -random
same as -host, but uses a pseudo-random key instead of prompting for a new password.

-host -init
use this option to enter the key for a machine principal that has just been added to the Security Registry to the host's /krb5/v5srvtab file. You are prompted for the host key.

-checkhost
verify that the correct service key is stored in the key table. kpasswd returns a status of 0 if the host key is correct, and 1 (error) if there is no host key, the host key is wrong, or the Registry cannot be contacted. kpasswd also writes a single line of text to the standard output. The text displayed is either SET or NOTSET, depending on whether or not the correct service key is stored in the key table. Use this option in configuration scripts.
If the principal is associated with a DCE account, the user invoking kpasswd must have u (change user information) permission in the account's Access Control List (ACL).

See also

passwd(C), pe_site(SFF)

Standards conformance

kpasswd is not part of any currently supported standard. It is an extension of AT&T UNIX System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005