1 kas setpassword AFS Commands kas setpassword
6 kas setpassword -- change key field in Database entry.
9 kas setpassword -name <name of user>
10 [-new_password <new password>]
11 [-kvno <key version number>]
12 [-admin_username <admin principal to use for
14 [-password_for_admin <admin password>] [-cell <cell name>]
15 [-servers <explicit list of authentication
20 ACCEPTABLE ABBREVIATIONS/ALIASES
22 kas sp -na <name of user> [-ne <new password>]
23 [-k <key version number>]
24 [-a <admin principal to use for authentication>]
25 [-p <admin password>] [-c <cell name>]
27 [-s <explicit list of authentication servers> ] [-no] [-h]
31 Accepts a character string new password of unlimited length,
32 scrambles it into a form suitable for use as an encryption
33 key, and places it in the key field of name's Authentication
36 There is little reason to type new password on the command
37 line, where it is visible. If the issuer does not provide
38 the password on the command line, a
42 prompt appears, followed by a second prompt requesting a
43 repetition of the new password. In both cases the password
44 does not echo visibly. The second prompt guarantees that
45 the issuer did not make a typing mistake when responding to
48 When adding server keys (such as "afs"), remember to add the
49 new key to the /usr/afs/etc/KeyFile using the bos addkey
50 command and to use the same key version number there as
51 here. See the AFS System Administrator's Guide for
58 -name specifies the entry for which to replace
61 -new_password is the character string the user will type
62 when logging in. It should be 8
63 characters or less, as some non-AFS
64 programs cannot handle longer passwords.
65 The Authentication Server scrambles it
66 into a string of octal numbers before
67 storing it in the key field.
69 -kvno specifies the key version number
70 associated with the new key. It must be
71 an integer between 0 and 255. In
72 addition, 999 is reserved for the "bcrypt"
73 key used in AFS 2.0 authentication. If
74 the issuer does not provide this argument,
75 it defaults to 0, which is probably not
76 desirable for server keys.
78 -admin_username specifies the user name under which the
79 issuer wishes to perform the command. If
80 the issuer does not provide it, the
81 current identity is used. See section 4.3
82 in the Reference Manual for more details.
84 specifies the issuer's password. If
85 provided here, the password is visible on
86 the screen. If the issuer does not
87 provide it, it will be prompted for and
88 not be visible on the screen. See section
89 4.3 in the Reference Manual for more
91 specifies the cell in which to run the
92 command, if not the local cell. See
93 section 4.3 in the Reference Manual for
94 more details. -servers
95 specifies the database server machine(s)
96 with which to establish a connection. See
97 section 4.3 in the Reference Manual for
99 establishes an unauthenticated connection
100 between the Authentication Servers and
101 issuer, whom they assign the unprivileged
102 identity anonymous rather than attempting
103 mutual authentication. See section 4.3 in
104 the Reference Manual for more details.
106 prints the online help for this command.
107 Do not provide any other arguments or
108 flags with this one. See section 4.3 in
109 the Reference Manual for more details.
113 The following shows privileged user admin changing pat's
114 password (presumably because pat forgot the former password
115 or got locked out of his account in some other way.
122 Verifying, please re-enter new_password:
128 An individual user may change his or her own password,
129 although use of the kpasswd command is recommended instead.
130 To change another user's password or the password (server
131 encryption key) for server processes such as "afs", issuer
132 must have the ADMIN flag set in his or her Authentication
137 bos addkey kas setkey