kpasswd - change a user's Kerberos password
The kpasswd command is used to change a Kerberos principal's
password. Kpasswd prompts for the current Kerberos pass-
word, which is used to obtain a changepw ticket from the KDC
for the user's Kerberos realm. If kpasswd successfully
obtains the changepw ticket, the user is prompted twice for
the new password, and the password is changed.
If the principal is governed by a policy that specifies the
length and/or number of character classes required in the
new password, the new password must conform to the policy.
(The five character classes are lower case, upper case,
numbers, punctuation, and all other characters.)
change the password for the Kerberos principal princi-
pal. Otherwise, kpasswd uses the principal name from
an existing ccache if there is one; if not, the princi-
pal is derived from the identity of the user invoking
the kpasswd command.
kpasswd looks first for kpasswd_server = host:port in the
[realms] section of the krb5.conf file under the current
realm. If that is missing, kpasswd looks for the
admin_server entry, but substitutes 464 for the port.
kpasswd may not work with multi-homed hosts running on the
Man(1) output converted with