--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf193.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf195.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_SETPASSWORD" HREF="auarf002.htm#ToC_208">kas setpassword</A></H2>
+<A NAME="IDX5147"></A>
+<A NAME="IDX5148"></A>
+<A NAME="IDX5149"></A>
+<A NAME="IDX5150"></A>
+<A NAME="IDX5151"></A>
+<A NAME="IDX5152"></A>
+<A NAME="IDX5153"></A>
+<A NAME="IDX5154"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes the key field in an Authentication Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas setpassword -name</B> <<VAR>name of user</VAR>> [<B>-new_password</B> <<VAR>new password</VAR>>]
+ [<B>-kvno</B> <<VAR>key version number</VAR>>]
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas setpasswd -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>]
+ [<B>-k</B> <<VAR>key version number</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [-c <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+
+<B>kas setp -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>] [<B>-k</B> <<VAR>key version number</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [-c <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+
+<B>kas sp -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>] [<B>-k</B> <<VAR>key version number</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication </VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas setpassword</B> command accepts a character string of
+unlimited length, scrambles it into a form suitable for use as an encryption
+key, places it in the key field of the Authentication Database entry named by
+the <B>-name</B> argument, and assigns it the key version number specified
+by the <B>-kvno</B> argument.
+<P>To avoid making the password string visible at the shell prompt, omit the
+<B>-new_password</B> argument. Prompts then appear at the shell
+which do not echo the password visibly.
+<P>When changing the <B>afs</B> server key, also issue <B>bos
+addkey</B> command to add the key (with the same key version number) to the
+<B>/usr/afs/etc/KeyFile</B> file. See the <I>IBM AFS
+Administration Guide</I> for instructions.
+<P>The command interpreter checks the password string subject to the following
+conditions:
+<UL>
+<P><LI>If there is a program called <B>kpwvalid</B> in the same directory as
+the <B>kas</B> binary, the command interpreter invokes it to process the
+password. For details, see the <B>kpwvalid</B> reference
+page.
+<P><LI>If the <B>-reuse</B> argument to the <B>kas setfields</B> command
+has been used to prohibit reuse of previous passwords, the command interpreter
+verifies that the password is not too similar too any of the user's
+previous 20 passwords. It generates the following error message at the
+shell:
+<PRE> Password was not changed because it seems like a reused password
+
+</PRE>
+<P>To prevent a user from subverting this restriction by changing the password
+twenty times in quick succession (manually or by running a script), use the
+<B>-minhours</B> argument on the <B>kaserver</B> initialization
+command. The following error message appears if a user attempts to
+change a password before the minimum time has passed:
+<PRE> Password was not changed because you changed it too
+ recently; see your systems administrator
+
+</PRE>
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the entry in which to record the new key.
+<P><DT><B>-new_password
+</B><DD>Specifies the character string the user types when authenticating to
+AFS. Omit this argument and type the string at the resulting prompts so
+that the password does not echo visibly. Note that some non-AFS
+programs cannot handle passwords longer than eight characters.
+<P><DT><B>-kvno
+</B><DD>Specifies the key version number associated with the new key.
+Provide an integer in the range from <B>0</B> through
+<B>255</B>. If omitted, the default is 0 (zero), which is probably
+not desirable for server keys.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, an administrator using the <B>admin</B>
+account changes the password for <B>pat</B> (presumably because
+<B>pat</B> forgot the former password or got locked out of his account in
+some other way).
+<PRE> % <B>kas setpassword pat</B>
+ Password for admin:
+ new_password:
+ Verifying, please re-enter new_password:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>Individual users can change their own passwords. To change another
+user's password or the password (server encryption key) for server
+entries such as <B>afs</B>, the issuer must have the <TT>ADMIN</TT> flag
+set in his or her Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf193.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf195.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
git://git.openafs.org / openafs.git / blobdiff