jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-22 17:00:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
59741a821c
openafs/doc/html/AdminReference/auarf202.htm
Derrick Brashear d7da1acc31 initial-html-documentation-20010606 
pull in all documentation from IBM
2001-06-06 19:09:07 +00:00

165 lines
8.7 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved -->
<BODY bgcolor="ffffff">
<!-- End Header Records ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf201.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf203.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<P>
<H2><A NAME="HDRKPASSWD" HREF="auarf002.htm#ToC_216">kpasswd</A></H2>
<A NAME="IDX5187"></A>
<A NAME="IDX5188"></A>
<A NAME="IDX5189"></A>
<A NAME="IDX5190"></A>
<A NAME="IDX5191"></A>
<A NAME="IDX5192"></A>
<A NAME="IDX5193"></A>
<P><STRONG>Purpose</STRONG>
<P>Changes the issuer's password in the Authentication Database
<P><STRONG>Synopsis</STRONG>
<PRE><B>kpasswd</B> [<B>-x</B>] [<B>-principal</B> &lt;<VAR>user&nbsp;name</VAR>>] [<B>-password</B> &lt;<VAR>user's&nbsp;password</VAR>>]
[<B>-newpassword</B> &lt;<VAR>user's&nbsp;new&nbsp;password</VAR>>] [<B>-cell</B> &lt;<VAR>cell&nbsp;name</VAR>>]
[<B>-servers</B> &lt;<VAR>explicit&nbsp;list&nbsp;of&nbsp;servers</VAR>><SUP>+</SUP>] [<B>-pipe</B>] [<B>-help</B>]
<B>kpasswd</B> [<B>-x</B>] [<B>-pr</B> &lt;<VAR>user&nbsp;name</VAR>>] [<B>-pa</B> &lt;<VAR>user's&nbsp;password</VAR>>]
[<B>-n</B> &lt;<VAR>user's&nbsp;new&nbsp;password</VAR>>] [<B>-c</B> &lt;<VAR>cell&nbsp;name</VAR>>]
[<B>-s</B> &lt;<VAR>explicit&nbsp;list&nbsp;of&nbsp;servers</VAR>><SUP>+</SUP>] [<B>-pi</B>] [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>kpasswd</B> command changes the password recorded in an
Authentication Database entry. By default, the command interpreter
changes the password for the AFS user name that matches the issuer's
local identity (UNIX UID). To specify an alternate user, include the
<B>-principal</B> argument. The user named by the
<B>-principal</B> argument does not have to appear in the local password
file (the <B>/etc/passwd</B> file or equivalent).
<P>By default, the command interpreter sends the password change request to
the Authentication Server running on one of the database server machines
listed for the local cell in the <B>/usr/afs/etc/CellServDB</B> file on
the local disk; it chooses the machine at random. It consults the
<B>/usr/vice/etc/ThisCell</B> file on the local disk to learn the local
cell name. To specify an alternate cell, include the <B>-cell</B>
argument.
<P>Unlike the UNIX <B>passwd</B> command, the <B>kpasswd</B> command
does not restrict passwords to eight characters or less; it accepts
passwords of virtually any length. All AFS commands that require
passwords (including the <B>klog</B>, <B>kpasswd</B>, and AFS-modified
login utilities, and the commands in the <B>kas</B> suite) accept
passwords longer than eight characters, but some other applications and
operating system utilities do not. Selecting an AFS password of eight
characters or less enables the user to maintain matching AFS and UNIX
passwords.
<P>The command interpreter makes the following checks:
<UL>
<P><LI>If the program <B>kpwvalid</B> exists in the same directory as the
<B>kpasswd</B> command, the command interpreter pass the new password to
it for verification. For details, see the <B>kpwvalid</B> reference
page.
<P><LI>If the <B>-reuse</B> argument to the <B>kas setfields</B> command
has been used to prohibit reuse of previous passwords, the command interpreter
verifies that the password is not too similar too any of the user's
previous 20 passwords. It generates the following error message at the
shell:
<PRE> Password was not changed because it seems like a reused password
</PRE>
<P>To prevent a user from subverting this restriction by changing the password
twenty times in quick succession (manually or by running a script), use the
<B>-minhours</B> argument on the <B>kaserver</B> initialization
command. The following error message appears if a user attempts to
change a password before the minimum time has passed:
<PRE> Password was not changed because you changed it too
recently; see your systems administrator
</PRE>
</UL>
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-x
</B><DD>Appears only for backwards compatibility.
<P><DT><B>-principal
</B><DD>Names the Authentication Database entry for which to change the
password. If this argument is omitted, the database entry with the same
name as the issuer's local identity (UNIX UID) is changed.
<P><DT><B>-password
</B><DD>Specifies the current password. Omit this argument to have the
command interpreter prompt for the password, which does not echo
visibly:
<PRE> Old password: <VAR>current_password</VAR>
</PRE>
<P><DT><B>-newpassword
</B><DD>Specifies the new password, which the <B>kpasswd</B> command
interpreter converts into an encryption key (string of octal numbers) before
sending it to the Authentication Server for storage in the user's
Authentication Database entry.
<P>Omit this argument to have the command interpreter prompt for the password,
which does not echo visibly:
<PRE> New password (RETURN to abort): <VAR>new_password</VAR>
Retype new password: <VAR>new_password</VAR>
</PRE>
<P><DT><B>-cell
</B><DD>Specifies the cell in which to change the password, by directing the
command to that cell's Authentication Servers. The issuer can
abbreviate the cell name to the shortest form that distinguishes it from the
other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
file.
<P>By default, the command is executed in the local cell, as defined
<UL>
<P><LI>First, by the value of the environment variable AFSCELL
<P><LI>Second, in the <B>/usr/vice/etc/ThisCell</B> file on the client
machine on which the command is issued
</UL>
<P><DT><B>-servers
</B><DD>Establishes a connection with the Authentication Server running on each
specified machine, rather than with all of the database server machines listed
for the relevant cell in the local copy of the
<B>/usr/vice/etc/CellServDB</B> file. The <B>kpasswd</B>
command interpreter then sends the password-changing request to one machine
chosen at random from the set.
<P><DT><B>-pipe
</B><DD>Suppresses all output to the standard output stream or standard error
stream. The <B>kpasswd</B> command interpreter expects to receive
all necessary arguments, each on a separate line, from the standard input
stream. Do not use this argument, which is provided for use by
application programs rather than human users.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Examples</STRONG>
<P>The following example shows user <B>pat</B> changing her password in
the ABC Corporation cell.
<PRE> % <B>kpasswd</B>
Changing password for 'pat' in cell 'abc.com'.
Old password:
New password (RETURN to abort):
Verifying, please re-enter new_password:
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>None
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
<P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf201.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf203.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<!-- Begin Footer Records ========================================== -->
<P><HR><B>
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
</B>
<!-- End Footer Records ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>
Reference in New Issue View Git Blame Copy Permalink