1 <?xml version="1.0" encoding="UTF-8"?>
2 <refentry id="kas_setpassword8">
4 <refentrytitle>kas setpassword</refentrytitle>
5 <manvolnum>8</manvolnum>
8 <refname>kas setpassword</refname>
9 <refpurpose>Changes the key field in an Authentication Database entry</refpurpose>
12 <title>Synopsis</title>
13 <para><emphasis role="bold">kas setpassword</emphasis> <emphasis role="bold">-name</emphasis> <<emphasis>name of user</emphasis>>
14 [<emphasis role="bold">-new_password</emphasis> <<emphasis>new password</emphasis>>] [<emphasis role="bold">-kvno</emphasis> <<emphasis>key version number</emphasis>>]
15 [<emphasis role="bold">-admin_username</emphasis> <<emphasis>admin principal to use for authentication</emphasis>>]
16 [<emphasis role="bold">-password_for_admin</emphasis> <<emphasis>admin password</emphasis>>] [<emphasis role="bold">-cell</emphasis> <<emphasis>cell name</emphasis>>]
17 [<emphasis role="bold">-servers</emphasis> <<emphasis>explicit list of authentication servers</emphasis>>+]
18 [<emphasis role="bold">-noauth</emphasis>] [<emphasis role="bold">-help</emphasis>]</para>
20 <para><emphasis role="bold">kas setpasswd</emphasis> <emphasis role="bold">-na</emphasis> <<emphasis>name of user</emphasis>> [<emphasis role="bold">-ne</emphasis> <<emphasis>new password</emphasis>>]
21 [<emphasis role="bold">-k</emphasis> <<emphasis>key version number</emphasis>>]
22 [<emphasis role="bold">-a</emphasis> <<emphasis>admin principal to use for authentication</emphasis>>]
23 [<emphasis role="bold">-p</emphasis> <<emphasis>admin password</emphasis>>] [<emphasis role="bold">-c</emphasis> <<emphasis>cell name</emphasis>>]
24 [<emphasis role="bold">-s</emphasis> <<emphasis>explicit list of authentication servers</emphasis>>+] [<emphasis role="bold">-no</emphasis>] [<emphasis role="bold">-h</emphasis>]</para>
26 <para><emphasis role="bold">kas setp</emphasis> <emphasis role="bold">-na</emphasis> <<emphasis>name of user</emphasis>> [<emphasis role="bold">-ne</emphasis> <<emphasis>new password</emphasis>>]
27 [<emphasis role="bold">-k</emphasis> <<emphasis>key version number</emphasis>>]
28 [<emphasis role="bold">-a</emphasis> <<emphasis>admin principal to use for authentication</emphasis>>]
29 [<emphasis role="bold">-p</emphasis> <<emphasis>admin password</emphasis>>] [<emphasis role="bold">-c</emphasis> <<emphasis>cell name</emphasis>>]
30 [<emphasis role="bold">-s</emphasis> <<emphasis>explicit list of authentication servers</emphasis>>+] [<emphasis role="bold">-no</emphasis>] [<emphasis role="bold">-h</emphasis>]</para>
32 <para><emphasis role="bold">kas sp</emphasis> <emphasis role="bold">-na</emphasis> <<emphasis>name of user</emphasis>> [<emphasis role="bold">-ne</emphasis> <<emphasis>new password</emphasis>>]
33 [<emphasis role="bold">-k</emphasis> <<emphasis>key version number</emphasis>>]
34 [<emphasis role="bold">-a</emphasis> <<emphasis>admin principal to use for authentication</emphasis>>]
35 [<emphasis role="bold">-p</emphasis> <<emphasis>admin password</emphasis>>] [<emphasis role="bold">-c</emphasis> <<emphasis>cell name</emphasis>>]
36 [<emphasis role="bold">-s</emphasis> <<emphasis>explicit list of authentication servers</emphasis>>+] [<emphasis role="bold">-no</emphasis>] [<emphasis role="bold">-h</emphasis>]</para>
40 <title>Description</title>
41 <para>The <emphasis role="bold">kas setpassword</emphasis> command accepts a character string of unlimited
42 length, scrambles it into a form suitable for use as an encryption key,
43 places it in the key field of the Authentication Database entry named by
44 the <emphasis role="bold">-name</emphasis> argument, and assigns it the key version number specified by
45 the <emphasis role="bold">-kvno</emphasis> argument.</para>
47 <para>To avoid making the password string visible at the shell prompt, omit the
48 <emphasis role="bold">-new_password</emphasis> argument. Prompts then appear at the shell which do not
49 echo the password visibly.</para>
51 <para>When changing the <emphasis role="bold">afs</emphasis> server key, also issue <emphasis role="bold">bos addkey</emphasis> command to
52 add the key (with the same key version number) to the
53 <replaceable>/usr/afs/etc/KeyFile</replaceable> file. See the <emphasis>IBM AFS Administration Guide</emphasis> for
56 <para>The command interpreter checks the password string subject to the
57 following conditions:</para>
61 <para>If there is a program called kpwvalid in the same directory as the <emphasis role="bold">kas</emphasis>
62 binary, the command interpreter invokes it to process the password. For
63 details, see <link linkend="kpwvalid8">kpwvalid(8)</link>.</para>
67 <para>If the <emphasis role="bold">-reuse</emphasis> argument to the <emphasis role="bold">kas setfields</emphasis> command has been used to
68 prohibit reuse of previous passwords, the command interpreter verifies
69 that the password is not too similar too any of the user's previous 20
70 passwords. It generates the following error message at the shell:</para>
73 Password was not changed because it seems like a reused password
76 <para>To prevent a user from subverting this restriction by changing the
77 password twenty times in quick succession (manually or by running a
78 script), use the <emphasis role="bold">-minhours</emphasis> argument on the <emphasis role="bold">kaserver</emphasis> initialization
79 command. The following error message appears if a user attempts to change
80 a password before the minimum time has passed:</para>
83 Password was not changed because you changed it too
84 recently; see your systems administrator
91 <title>Options</title>
94 <term><emphasis role="bold">-name</emphasis> <<emphasis>name of user</emphasis>></term>
96 <para>Names the entry in which to record the new key.</para>
101 <term><emphasis role="bold">-new_password</emphasis> <<emphasis>new password</emphasis>></term>
103 <para>Specifies the character string the user types when authenticating to
104 AFS. Omit this argument and type the string at the resulting prompts so
105 that the password does not echo visibly. Note that some non-AFS programs
106 cannot handle passwords longer than eight characters.</para>
111 <term><emphasis role="bold">-kvno</emphasis> <<emphasis>key version number</emphasis>></term>
113 <para>Specifies the key version number associated with the new key. Provide an
114 integer in the range from <computeroutput>0</computeroutput> through <computeroutput>255</computeroutput>. If omitted, the default is
115 <computeroutput>0</computeroutput> (zero), which is probably not desirable for server keys.</para>
120 <term><emphasis role="bold">-admin_username</emphasis> <<emphasis>admin principal</emphasis>></term>
122 <para>Specifies the user identity under which to authenticate with the
123 Authentication Server for execution of the command. For more details, see
124 <link linkend="kas8">kas(8)</link>.</para>
129 <term><emphasis role="bold">-password_for_admin</emphasis> <<emphasis>admin password</emphasis>></term>
131 <para>Specifies the password of the command's issuer. If it is omitted (as
132 recommended), the <emphasis role="bold">kas</emphasis> command interpreter prompts for it and does not
133 echo it visibly. For more details, see <link linkend="kas8">kas(8)</link>.</para>
138 <term><emphasis role="bold">-cell</emphasis> <<emphasis>cell name</emphasis>></term>
140 <para>Names the cell in which to run the command. For more details, see
141 <link linkend="kas8">kas(8)</link>.</para>
146 <term><emphasis role="bold">-servers</emphasis> <<emphasis>authentication servers</emphasis>>+</term>
148 <para>Names each machine running an Authentication Server with which to
149 establish a connection. For more details, see <link linkend="kas8">kas(8)</link>.</para>
154 <term><emphasis role="bold">-noauth</emphasis></term>
156 <para>Assigns the unprivileged identity <computeroutput>anonymous</computeroutput> to the issuer. For more
157 details, see <link linkend="kas8">kas(8)</link>.</para>
162 <term><emphasis role="bold">-help</emphasis></term>
164 <para>Prints the online help for this command. All other valid options are
172 <title>Examples</title>
173 <para>In the following example, an administrator using the <computeroutput>admin</computeroutput> account
174 changes the password for <computeroutput>pat</computeroutput> (presumably because <computeroutput>pat</computeroutput> forgot the
175 former password or got locked out of his account in some other way).</para>
178 % kas setpassword pat
181 Verifying, please re-enter new_password:
186 <title>Privilege Required</title>
187 <para>Individual users can change their own passwords. To change another user's
188 password or the password (server encryption key) for server entries such
189 as <computeroutput>afs</computeroutput>, the issuer must have the <computeroutput>ADMIN</computeroutput> flag set in his or her
190 Authentication Database entry.</para>
194 <title>See Also</title>
195 <para><link linkend="bos_addkey8">bos_addkey(8)</link>,
196 <link linkend="kas8">kas(8)</link>,
197 <link linkend="kaserver8">kaserver(8)</link>,
198 <link linkend="kpwvalid8">kpwvalid(8)</link></para>
202 <title>Copyright</title>
203 <para>IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.</para>
205 <para>This documentation is covered by the IBM Public License Version 1.0. It was
206 converted from HTML to POD by software written by Chas Williams and Russ
207 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>