ksetpass

(Set a Kerberos password using existing credentials)

SYNOPSIS

ksetpass principal < password

DESCRIPTION

ksetpass sets the Kerberos password for the given principal using the Kerberos password change network protocol, authenticating with the user's existing Kerberos tickets. It is essentially a very stupid version of kpasswd that does not attempt reauthentication and takes no precautions about the source of the password. The principal should be given on the command line and the password on standard input.

This program is mostly useful for pushing password changes for unprivileged accounts from an automated process.

WARNINGS

Whatever ksetpass reads from standard input it uses literally as the password. It doesn't remove newlines, for example. Don't include newlines in the password unless the password really includes a newline.

This means that you should not feed it a file created by most editors, and you should pass the -n flag to echo if testing from the command line.

BUGS

The maximum length of the password is limited to BUFSIZ, generally between 1KB and 4KB, because I'm lazy and didn't feel like writing buffer reallocation code.

AUTHOR

Russ Allbery <eagle@eyrie.org>

COPYRIGHT AND LICENSE

Copyright 2008, 2010, 2013 The Board of Trustees of the Leland Stanford Junior University

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty.

SEE ALSO

kpasswd(1)

This program is part of kadmin-remctl. The current version is available from <http://www.eyrie.org/~eagle/software/kadmin-remctl/>.

Last spun 2014-07-26 from POD modified 2014-04-13