Changes the password for a Kerberos principal.
kpasswd [ Principal]
The kpasswd command changes the password for a specified Kerberos principal. It prompts for the current principals password, which is used to obtain a changepw ticket from the KDC for the user's Kerberos realm. If kpasswd successfully obtains the changepw ticket, the user is prompted twice for the new password and the password is changed.
If the principal is governed by a policy that specifies for example length and/or number of character classes required in the new password, the new password must conform to the policy.
You may not change the password for a ticket-granting service principal (krbtgt/domain) using the kpasswd command.
Item | Description |
---|---|
Principal | Specifies the principal for which password you want to change. If you do not specify the principal on the command line, the principal is obtained from the default credentials cache. |
When requesting a password change, you must supply both the current password and the new password.
Item | Description |
---|---|
/usr/krb5/bin/kpasswd | - |
/var/krb5/security/creds/krb5cc_[uid] | default credentials cache ([uid] is the UID of the user.) |