kpasswd Command

Purpose

Changes the password for a Kerberos principal.

Syntax

kpasswd [ Principal]

Description

The kpasswd command changes the password for a specified Kerberos principal. It prompts for the current principals password, which is used to obtain a changepw ticket from the KDC for the user's Kerberos realm. If kpasswd successfully obtains the changepw ticket, the user is prompted twice for the new password and the password is changed.

If the principal is governed by a policy that specifies for example length and/or number of character classes required in the new password, the new password must conform to the policy.

You may not change the password for a ticket-granting service principal (krbtgt/domain) using the kpasswd command.

Parameters

Parameters
Item Description
Principal Specifies the principal for which password you want to change. If you do not specify the principal on the command line, the principal is obtained from the default credentials cache.

Security

When requesting a password change, you must supply both the current password and the new password.

Files

Files
Item Description
/usr/krb5/bin/kpasswd -
/var/krb5/security/creds/krb5cc_[uid] default credentials cache ([uid] is the UID of the user.)