| < kadmin-backend-heim | Russ Allbery > Software > kadmin-remctl | passwd_change Manual Page > |
(Set a Kerberos password using existing credentials)
ksetpass principal < password
ksetpass sets the Kerberos password for the given principal using the Kerberos password change network protocol, authenticating with the user's existing Kerberos tickets. It is essentially a very stupid version of kpasswd that does not attempt reauthentication and takes no precautions about the source of the password. The principal should be given on the command line and the password on standard input.
This program is mostly useful for pushing password changes for unprivileged accounts from an automated process.
Whatever ksetpass reads from standard input it uses literally as the password. It doesn't remove newlines, for example. Don't include newlines in the password unless the password really includes a newline.
This means that you should not feed it a file created by most editors, and you should pass the -n flag to echo if testing from the command line.
The maximum length of the password is limited to BUFSIZ, generally between 1KB and 4KB, because I'm lazy and didn't feel like writing buffer reallocation code.
kpasswd(1)
This program is part of kadmin-remctl. The current version is available from <http://www.eyrie.org/~eagle/software/kadmin-remctl/>.
Russ Allbery <rra@stanford.edu>
| < kadmin-backend-heim | Russ Allbery > Software > kadmin-remctl | passwd_change Manual Page > |