(Set a Kerberos password using existing credentials)


ksetpass principal < password


ksetpass sets the Kerberos password for the given principal using the Kerberos password change network protocol, authenticating with the user's existing Kerberos tickets. It is essentially a very stupid version of kpasswd that does not attempt reauthentication and takes no precautions about the source of the password. The principal should be given on the command line and the password on standard input.

This program is mostly useful for pushing password changes for unprivileged accounts from an automated process.


Whatever ksetpass reads from standard input it uses literally as the password. It doesn't remove newlines, for example. Don't include newlines in the password unless the password really includes a newline.

This means that you should not feed it a file created by most editors, and you should pass the -n flag to echo if testing from the command line.


The maximum length of the password is limited to BUFSIZ, generally between 1KB and 4KB, because I'm lazy and didn't feel like writing buffer reallocation code.


Russ Allbery <eagle@eyrie.org>


Copyright 2008, 2010, 2013 The Board of Trustees of the Leland Stanford Junior University

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty.



This program is part of kadmin-remctl. The current version is available from <http://www.eyrie.org/~eagle/software/kadmin-remctl/>.

Last spun 2017-12-29 from POD modified 2014-04-13