=head1 NAME kas_setpassword - Changes the key field in an Authentication Database entry =head1 SYNOPSIS =for html
B S<<< B<-name> > >>> S<<< [B<-new_password> >] >>> S<<< [B<-kvno> >] >>> S<<< [B<-admin_username> >] >>> S<<< [B<-password_for_admin> >] >>> S<<< [B<-cell> >] >>> S<<< [B<-servers> >+] >>> [B<-noauth>] [B<-help>] B S<<< B<-na> > >>> S<<< [B<-ne> >] >>> S<<< [B<-k> >] >>> S<<< [B<-a> >] >>> S<<< [B<-p> >] >>> S<<< [B<-c> >] >>> S<<< [B<-s> >+] >>> [B<-no>] [B<-h>] B S<<< B<-na> > >>> S<<< [B<-ne> >] >>> S<<< [B<-k> >] >>> S<<< [B<-a> >] >>> S<<< [B<-p> >] >>> S<<< [B<-c> >] >>> S<<< [B<-s> >+] >>> [B<-no>] [B<-h>] B S<<< B<-na> > >>> S<<< [B<-ne> >] >>> S<<< [B<-k> >] >>> S<<< [B<-a> >] >>> S<<< [B<-p> >] >>> S<<< [B<-c> >] >>> S<<< [B<-s> >+] >>> [B<-no>] [B<-h>] =for html
=head1 DESCRIPTION The B command accepts a character string of unlimited length, scrambles it into a form suitable for use as an encryption key, places it in the key field of the Authentication Database entry named by the B<-name> argument, and assigns it the key version number specified by the B<-kvno> argument. To avoid making the password string visible at the shell prompt, omit the B<-new_password> argument. Prompts then appear at the shell which do not echo the password visibly. When changing the B server key, also issue B command to add the key (with the same key version number) to the F file. See the I for instructions. The command interpreter checks the password string subject to the following conditions: =over 4 =item * If there is a program called kpwvalid in the same directory as the B binary, the command interpreter invokes it to process the password. For details, see L. =item * If the B<-reuse> argument to the B command has been used to prohibit reuse of previous passwords, the command interpreter verifies that the password is not too similar too any of the user's previous 20 passwords. It generates the following error message at the shell: Password was not changed because it seems like a reused password To prevent a user from subverting this restriction by changing the password twenty times in quick succession (manually or by running a script), use the B<-minhours> argument on the B initialization command. The following error message appears if a user attempts to change a password before the minimum time has passed: Password was not changed because you changed it too recently; see your systems administrator =back =head1 OPTIONS =over 4 =item B<-name> > Names the entry in which to record the new key. =item B<-new_password> > Specifies the character string the user types when authenticating to AFS. Omit this argument and type the string at the resulting prompts so that the password does not echo visibly. Note that some non-AFS programs cannot handle passwords longer than eight characters. =item B<-kvno> > Specifies the key version number associated with the new key. Provide an integer in the range from C<0> through C<255>. If omitted, the default is C<0> (zero), which is probably not desirable for server keys. =item B<-admin_username> > Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details, see L. =item B<-password_for_admin> > Specifies the password of the command's issuer. If it is omitted (as recommended), the B command interpreter prompts for it and does not echo it visibly. For more details, see L. =item B<-cell> > Names the cell in which to run the command. For more details, see L. =item B<-servers> >+ Names each machine running an Authentication Server with which to establish a connection. For more details, see L. =item B<-noauth> Assigns the unprivileged identity C to the issuer. For more details, see L. =item B<-help> Prints the online help for this command. All other valid options are ignored. =back =head1 EXAMPLES In the following example, an administrator using the C account changes the password for C (presumably because C forgot the former password or got locked out of his account in some other way). % kas setpassword pat Password for admin: new_password: Verifying, please re-enter new_password: =head1 PRIVILEGE REQUIRED Individual users can change their own passwords. To change another user's password or the password (server encryption key) for server entries such as C, the issuer must have the C flag set in his or her Authentication Database entry. =head1 SEE ALSO L, L, L, L =head1 COPYRIGHT IBM Corporation 2000. All Rights Reserved. This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.