1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
3 <TITLE>Administration Reference</TITLE>
4 <!-- Begin Header Records ========================================== -->
5 <!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
6 <!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
7 <META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
8 <META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
9 <META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
11 <!-- (C) IBM Corporation 2000. All Rights Reserved -->
12 <BODY bgcolor="ffffff">
13 <!-- End Header Records ============================================ -->
14 <A NAME="Top_Of_Page"></A>
15 <H1>Administration Reference</H1>
16 <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf193.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf195.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
18 <H2><A NAME="HDRKAS_SETPASSWORD" HREF="auarf002.htm#ToC_208">kas setpassword</A></H2>
19 <A NAME="IDX5147"></A>
20 <A NAME="IDX5148"></A>
21 <A NAME="IDX5149"></A>
22 <A NAME="IDX5150"></A>
23 <A NAME="IDX5151"></A>
24 <A NAME="IDX5152"></A>
25 <A NAME="IDX5153"></A>
26 <A NAME="IDX5154"></A>
27 <P><STRONG>Purpose</STRONG>
28 <P>Changes the key field in an Authentication Database entry
29 <P><STRONG>Synopsis</STRONG>
30 <PRE><B>kas setpassword -name</B> <<VAR>name of user</VAR>> [<B>-new_password</B> <<VAR>new password</VAR>>]
31 [<B>-kvno</B> <<VAR>key version number</VAR>>]
32 [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
33 [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
34 [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
35 [<B>-noauth</B>] [<B>-help</B>]
37 <B>kas setpasswd -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>]
38 [<B>-k</B> <<VAR>key version number</VAR>>]
39 [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
40 [<B>-p</B> <<VAR>admin password</VAR>>] [-c <<VAR>cell name</VAR>>]
41 [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
43 <B>kas setp -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>] [<B>-k</B> <<VAR>key version number</VAR>>]
44 [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
45 [<B>-p</B> <<VAR>admin password</VAR>>] [-c <<VAR>cell name</VAR>>]
46 [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
48 <B>kas sp -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>] [<B>-k</B> <<VAR>key version number</VAR>>]
49 [<B>-a</B> <<VAR>admin principal to use for authentication </VAR>>]
50 [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
51 [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
53 <P><STRONG>Description</STRONG>
54 <P>The <B>kas setpassword</B> command accepts a character string of
55 unlimited length, scrambles it into a form suitable for use as an encryption
56 key, places it in the key field of the Authentication Database entry named by
57 the <B>-name</B> argument, and assigns it the key version number specified
58 by the <B>-kvno</B> argument.
59 <P>To avoid making the password string visible at the shell prompt, omit the
60 <B>-new_password</B> argument. Prompts then appear at the shell
61 which do not echo the password visibly.
62 <P>When changing the <B>afs</B> server key, also issue <B>bos
63 addkey</B> command to add the key (with the same key version number) to the
64 <B>/usr/afs/etc/KeyFile</B> file. See the <I>IBM AFS
65 Administration Guide</I> for instructions.
66 <P>The command interpreter checks the password string subject to the following
69 <P><LI>If there is a program called <B>kpwvalid</B> in the same directory as
70 the <B>kas</B> binary, the command interpreter invokes it to process the
71 password. For details, see the <B>kpwvalid</B> reference
73 <P><LI>If the <B>-reuse</B> argument to the <B>kas setfields</B> command
74 has been used to prohibit reuse of previous passwords, the command interpreter
75 verifies that the password is not too similar too any of the user's
76 previous 20 passwords. It generates the following error message at the
78 <PRE> Password was not changed because it seems like a reused password
81 <P>To prevent a user from subverting this restriction by changing the password
82 twenty times in quick succession (manually or by running a script), use the
83 <B>-minhours</B> argument on the <B>kaserver</B> initialization
84 command. The following error message appears if a user attempts to
85 change a password before the minimum time has passed:
86 <PRE> Password was not changed because you changed it too
87 recently; see your systems administrator
91 <P><STRONG>Options</STRONG>
94 </B><DD>Names the entry in which to record the new key.
95 <P><DT><B>-new_password
96 </B><DD>Specifies the character string the user types when authenticating to
97 AFS. Omit this argument and type the string at the resulting prompts so
98 that the password does not echo visibly. Note that some non-AFS
99 programs cannot handle passwords longer than eight characters.
101 </B><DD>Specifies the key version number associated with the new key.
102 Provide an integer in the range from <B>0</B> through
103 <B>255</B>. If omitted, the default is 0 (zero), which is probably
104 not desirable for server keys.
105 <P><DT><B>-admin_username
106 </B><DD>Specifies the user identity under which to authenticate with the
107 Authentication Server for execution of the command. For more details,
108 see the introductory <B>kas</B> reference page.
109 <P><DT><B>-password_for_admin
110 </B><DD>Specifies the password of the command's issuer. If it is
111 omitted (as recommended), the <B>kas</B> command interpreter prompts for
112 it and does not echo it visibly. For more details, see the introductory
113 <B>kas</B> reference page.
115 </B><DD>Names the cell in which to run the command. For more details, see
116 the introductory <B>kas</B> reference page.
118 </B><DD>Names each machine running an Authentication Server with which to
119 establish a connection. For more details, see the introductory
120 <B>kas</B> reference page.
122 </B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
123 issuer. For more details, see the introductory <B>kas</B> reference
126 </B><DD>Prints the online help for this command. All other valid options
129 <P><STRONG>Examples</STRONG>
130 <P>In the following example, an administrator using the <B>admin</B>
131 account changes the password for <B>pat</B> (presumably because
132 <B>pat</B> forgot the former password or got locked out of his account in
134 <PRE> % <B>kas setpassword pat</B>
137 Verifying, please re-enter new_password:
140 <P><STRONG>Privilege Required</STRONG>
141 <P>Individual users can change their own passwords. To change another
142 user's password or the password (server encryption key) for server
143 entries such as <B>afs</B>, the issuer must have the <TT>ADMIN</TT> flag
144 set in his or her Authentication Database entry.
145 <P><STRONG>Related Information</STRONG>
146 <P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
147 <P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
148 <P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
149 <P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
151 <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf193.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf195.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
152 <!-- Begin Footer Records ========================================== -->
154 <br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
156 <!-- End Footer Records ============================================ -->
157 <A NAME="Bot_Of_Page"></A>