SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

kas_setpassword

Section: AFS Command Reference (8)
Updated: OpenAFS
Index 

NAME

kas setpassword - Changes the key field in an Authentication Database entry 

SYNOPSIS

kas setpassword << -name <name of user >>>
    << [-new_password <new password] >>> << [-kvno <key version number] >>>
    << [-admin_username <admin principal to use for authentication] >>>
    << [-password_for_admin <admin password] >>> << [-cell <cell name] >>>
    << [-servers <explicit list of authentication servers+] >>>
    [-noauth] [-help]

kas setpasswd << -na <name of user >>> << [-ne <new password] >>>
    << [-k <key version number] >>>
    << [-a <admin principal to use for authentication] >>>
    << [-p <admin password] >>> << [-c <cell name] >>>
    << [-s <explicit list of authentication servers+] >>> [-no] [-h]

kas setp << -na <name of user >>> << [-ne <new password] >>>
    << [-k <key version number] >>>
    << [-a <admin principal to use for authentication] >>>
    << [-p <admin password] >>> << [-c <cell name] >>>
    << [-s <explicit list of authentication servers+] >>> [-no] [-h]

kas sp << -na <name of user >>> << [-ne <new password] >>>
    << [-k <key version number] >>>
    << [-a <admin principal to use for authentication] >>>
    << [-p <admin password] >>> << [-c <cell name] >>>
    << [-s <explicit list of authentication servers+] >>> [-no] [-h] 

DESCRIPTION

The kas setpassword command accepts a character string of unlimitedlength, scrambles it into a form suitable for use as an encryption key,places it in the key field of the Authentication Database entry named bythe -name argument, and assigns it the key version number specified bythe -kvno argument.

To avoid making the password string visible at the shell prompt, omit the-new_password argument. Prompts then appear at the shell which do notecho the password visibly.

When changing the afs server key, also issue bos addkey command toadd the key (with the same key version number) to the/usr/afs/etc/KeyFile file. See the IBM AFS Administration Guide forinstructions.

The command interpreter checks the password string subject to thefollowing conditions:

*
If there is a program called kpwvalid in the same directory as the kasbinary, the command interpreter invokes it to process the password. Fordetails, see the kpwvalid(8) manpage.
*
If the -reuse argument to the kas setfields command has been used toprohibit reuse of previous passwords, the command interpreter verifiesthat the password is not too similar too any of the user's previous 20passwords. It generates the following error message at the shell:

   Password was not changed because it seems like a reused password
To prevent a user from subverting this restriction by changing thepassword twenty times in quick succession (manually or by running ascript), use the -minhours argument on the kaserver initializationcommand. The following error message appears if a user attempts to changea password before the minimum time has passed:

   Password was not changed because you changed it too   recently; see your systems administrator
 

OPTIONS


-name <name of user>
Names the entry in which to record the new key.
-new_password <new password>
Specifies the character string the user types when authenticating toAFS. Omit this argument and type the string at the resulting prompts sothat the password does not echo visibly. Note that some non-AFS programscannot handle passwords longer than eight characters.
-kvno <key version number>
Specifies the key version number associated with the new key. Provide aninteger in the range from 0 through 255. If omitted, the default is0 (zero), which is probably not desirable for server keys.
-admin_username <admin principal>
Specifies the user identity under which to authenticate with theAuthentication Server for execution of the command. For more details, seethe kas(8) manpage.
-password_for_admin <admin password>
Specifies the password of the command's issuer. If it is omitted (asrecommended), the kas command interpreter prompts for it and does notecho it visibly. For more details, see the kas(8) manpage.
-cell <cell name>
Names the cell in which to run the command. For more details, seethe kas(8) manpage.
-servers <authentication servers>+
Names each machine running an Authentication Server with which toestablish a connection. For more details, see the kas(8) manpage.
-noauth
Assigns the unprivileged identity anonymous to the issuer. For moredetails, see the kas(8) manpage.
-help
Prints the online help for this command. All other valid options areignored.
 

EXAMPLES

In the following example, an administrator using the admin accountchanges the password for pat (presumably because pat forgot theformer password or got locked out of his account in some other way).

   % kas setpassword pat   Password for admin:   new_password:   Verifying, please re-enter new_password:
 

PRIVILEGE REQUIRED

Individual users can change their own passwords. To change another user'spassword or the password (server encryption key) for server entries suchas afs, the issuer must have the ADMIN flag set in his or herAuthentication Database entry. 

SEE ALSO

the bos_addkey(8) manpage,the kas(8) manpage,the kaserver(8) manpage,the kpwvalid(8) manpage 

COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It wasconverted from HTML to POD by software written by Chas Williams and RussAllbery, based on work by Alf Wachsmann and Elizabeth Cassell.


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLES
PRIVILEGE REQUIRED
SEE ALSO
COPYRIGHT

This document was created byman2html,using the manual pages.