kpasswd(TC)
kpasswd --
change authenticated login password
Syntax
kpasswd [ principal ]
kpasswd -host [ -init | -random ]
kpasswd -checkhost
Description
kpasswd changes the password assigned to a principal
in the Registry maintained by the SCO Security server.
root can also use kpasswd to set or change
a machine principal's password, and to update
the machine's /krb5/v5srvtab key table file accordingly.
With the -checkhost option, root
can use this command in scripts to verify that the
host's correct service key is stored in the key table file.
To change a principal's network password, enter
kpasswd followed by the name of the principal.
Enter the principal's current network password (when prompted),
then enter the new password (when prompted).
If no arguments are specified,
kpasswd looks at the user's current network credentials
and finds the principal name to which they are assigned.
If that fails, kpasswd uses the current login name
as the principal name.
The following options are supported:
-host-
change the host password for the local machine
and put the correct key (and version) in the
/krb5/v5srvtab service key table.
kpasswd does not prompt for the old password
because it is already in the key table.
If the old password is not in the key table,
an error message is printed.
In that case, enter kpasswd -host -init
to re-initialize the host key
(you are prompted for a new password).
-host -random-
same as -host, but uses a pseudo-random key
instead of prompting for a new password.
-host -init-
use this option to enter the key for a machine principal
that has just been added to the Security Registry
to the host's /krb5/v5srvtab file.
You are prompted for the host key.
-checkhost-
verify that the correct service key is
stored in the key table.
kpasswd returns a status of 0 if the host
key is correct, and 1 (error) if there is no host key,
the host key is wrong, or the Registry cannot be contacted.
kpasswd also writes
a single line of text to the standard output.
The text displayed is either
SET
or
NOTSET
, depending on
whether or not the correct service key is stored
in the key table.
Use this option in configuration scripts.
If the principal is associated with a DCE account,
the user invoking kpasswd must have u
(change user information) permission in the account's
Access Control List (ACL).
See also
passwd(C),
pe_site(SFF)
Standards conformance
kpasswd is not part of any currently supported standard.
It is an extension of AT&T UNIX System V provided by
The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005