+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
-<HTML><HEAD>
-<TITLE>Administration Reference</TITLE>
-<!-- Begin Header Records ========================================== -->
-<!-- /tmp/idwt3190/auarf000.scr converted by idb2h R4.2 (359) ID -->
-<!-- Workbench Version (AIX) on 5 Nov 1999 at 13:58:29 -->
-<META HTTP-EQUIV="updated" CONTENT="Fri, 05 Nov 1999 13:58:29">
-<META HTTP-EQUIV="review" CONTENT="Sun, 05 Nov 2000 13:58:29">
-<META HTTP-EQUIV="expires" CONTENT="Mon, 05 Nov 2001 13:58:29">
-</HEAD><BODY>
-<!-- (C) IBM Corporation 2000. All Rights Reserved -->
-<BODY bgcolor="ffffff">
-<!-- End Header Records ============================================ -->
-<A NAME="Top_Of_Page"></A>
-<H1>Administration Reference</H1>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf201.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf203.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<P>
-<H2><A NAME="HDRKPASSWD" HREF="auarf002.htm#ToC_216">kpasswd</A></H2>
-<A NAME="IDX5187"></A>
-<A NAME="IDX5188"></A>
-<A NAME="IDX5189"></A>
-<A NAME="IDX5190"></A>
-<A NAME="IDX5191"></A>
-<A NAME="IDX5192"></A>
-<A NAME="IDX5193"></A>
-<P><STRONG>Purpose</STRONG>
-<P>Changes the issuer's password in the Authentication Database
-<P><STRONG>Synopsis</STRONG>
-<PRE><B>kpasswd</B> [<B>-x</B>] [<B>-principal</B> <<VAR>user name</VAR>>] [<B>-password</B> <<VAR>user's password</VAR>>]
- [<B>-newpassword</B> <<VAR>user's new password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
- [<B>-servers</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>] [<B>-pipe</B>] [<B>-help</B>]
-
-<B>kpasswd</B> [<B>-x</B>] [<B>-pr</B> <<VAR>user name</VAR>>] [<B>-pa</B> <<VAR>user's password</VAR>>]
- [<B>-n</B> <<VAR>user's new password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
- [<B>-s</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>] [<B>-pi</B>] [<B>-h</B>]
-</PRE>
-<P><STRONG>Description</STRONG>
-<P>The <B>kpasswd</B> command changes the password recorded in an
-Authentication Database entry. By default, the command interpreter
-changes the password for the AFS user name that matches the issuer's
-local identity (UNIX UID). To specify an alternate user, include the
-<B>-principal</B> argument. The user named by the
-<B>-principal</B> argument does not have to appear in the local password
-file (the <B>/etc/passwd</B> file or equivalent).
-<P>By default, the command interpreter sends the password change request to
-the Authentication Server running on one of the database server machines
-listed for the local cell in the <B>/usr/afs/etc/CellServDB</B> file on
-the local disk; it chooses the machine at random. It consults the
-<B>/usr/vice/etc/ThisCell</B> file on the local disk to learn the local
-cell name. To specify an alternate cell, include the <B>-cell</B>
-argument.
-<P>Unlike the UNIX <B>passwd</B> command, the <B>kpasswd</B> command
-does not restrict passwords to eight characters or less; it accepts
-passwords of virtually any length. All AFS commands that require
-passwords (including the <B>klog</B>, <B>kpasswd</B>, and AFS-modified
-login utilities, and the commands in the <B>kas</B> suite) accept
-passwords longer than eight characters, but some other applications and
-operating system utilities do not. Selecting an AFS password of eight
-characters or less enables the user to maintain matching AFS and UNIX
-passwords.
-<P>The command interpreter makes the following checks:
-<UL>
-<P><LI>If the program <B>kpwvalid</B> exists in the same directory as the
-<B>kpasswd</B> command, the command interpreter pass the new password to
-it for verification. For details, see the <B>kpwvalid</B> reference
-page.
-<P><LI>If the <B>-reuse</B> argument to the <B>kas setfields</B> command
-has been used to prohibit reuse of previous passwords, the command interpreter
-verifies that the password is not too similar too any of the user's
-previous 20 passwords. It generates the following error message at the
-shell:
-<PRE> Password was not changed because it seems like a reused password
-
-</PRE>
-<P>To prevent a user from subverting this restriction by changing the password
-twenty times in quick succession (manually or by running a script), use the
-<B>-minhours</B> argument on the <B>kaserver</B> initialization
-command. The following error message appears if a user attempts to
-change a password before the minimum time has passed:
-<PRE> Password was not changed because you changed it too
- recently; see your systems administrator
-</PRE>
-</UL>
-<P><STRONG>Options</STRONG>
-<DL>
-<P><DT><B>-x
-</B><DD>Appears only for backwards compatibility.
-<P><DT><B>-principal
-</B><DD>Names the Authentication Database entry for which to change the
-password. If this argument is omitted, the database entry with the same
-name as the issuer's local identity (UNIX UID) is changed.
-<P><DT><B>-password
-</B><DD>Specifies the current password. Omit this argument to have the
-command interpreter prompt for the password, which does not echo
-visibly:
-<PRE> Old password: <VAR>current_password</VAR>
-
-</PRE>
-<P><DT><B>-newpassword
-</B><DD>Specifies the new password, which the <B>kpasswd</B> command
-interpreter converts into an encryption key (string of octal numbers) before
-sending it to the Authentication Server for storage in the user's
-Authentication Database entry.
-<P>Omit this argument to have the command interpreter prompt for the password,
-which does not echo visibly:
-<PRE> New password (RETURN to abort): <VAR>new_password</VAR>
- Retype new password: <VAR>new_password</VAR>
-
-</PRE>
-<P><DT><B>-cell
-</B><DD>Specifies the cell in which to change the password, by directing the
-command to that cell's Authentication Servers. The issuer can
-abbreviate the cell name to the shortest form that distinguishes it from the
-other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
-file.
-<P>By default, the command is executed in the local cell, as defined
-<UL>
-<P><LI>First, by the value of the environment variable AFSCELL
-<P><LI>Second, in the <B>/usr/vice/etc/ThisCell</B> file on the client
-machine on which the command is issued
-</UL>
-<P><DT><B>-servers
-</B><DD>Establishes a connection with the Authentication Server running on each
-specified machine, rather than with all of the database server machines listed
-for the relevant cell in the local copy of the
-<B>/usr/vice/etc/CellServDB</B> file. The <B>kpasswd</B>
-command interpreter then sends the password-changing request to one machine
-chosen at random from the set.
-<P><DT><B>-pipe
-</B><DD>Suppresses all output to the standard output stream or standard error
-stream. The <B>kpasswd</B> command interpreter expects to receive
-all necessary arguments, each on a separate line, from the standard input
-stream. Do not use this argument, which is provided for use by
-application programs rather than human users.
-<P><DT><B>-help
-</B><DD>Prints the online help for this command. All other valid options
-are ignored.
-</DL>
-<P><STRONG>Examples</STRONG>
-<P>The following example shows user <B>pat</B> changing her password in
-the ABC Corporation cell.
-<PRE> % <B>kpasswd</B>
- Changing password for 'pat' in cell 'abc.com'.
- Old password:
- New password (RETURN to abort):
- Verifying, please re-enter new_password:
-
-</PRE>
-<P><STRONG>Privilege Required</STRONG>
-<P>None
-<P><STRONG>Related Information</STRONG>
-<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
-<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
-<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
-<P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
-<P>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf201.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf203.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<!-- Begin Footer Records ========================================== -->
-<P><HR><B>
-<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
-</B>
-<!-- End Footer Records ============================================ -->
-<A NAME="Bot_Of_Page"></A>
-</BODY></HTML>