tail head cat sleep
QR code linking to this page

Manual Pages  — KPASSWDD


kpasswdd – Kerberos 5 password changing server



kpasswdd [-addresses= address] [-check-library= library] [-check-function= function] [-k kspec | -keytab= kspec ] [-r realm | -realm= realm ] [-p string | -port= string ] [-version] [-help]


kpasswdd serves request for password changes. It listens on UDP port 464 (service kpasswd) and processes requests when they arrive. It changes the database directly and should thus only run on the master KDC.

Supported options:
-addresses= address
  For each till the argument is given, add the address to what kpasswdd should listen too.
-check-library= library
  If your system has support for dynamic loading of shared libraries, you can use an external function to check password quality. This option specifies which library to load.
-check-function= function
  This is the function to call in the loaded library. The function should look like this:

const char * passwd_check(krb5_context context, krb5_principal principal, krb5_data *password)

context is an initialized context; principal is the one who tries to change passwords, and password is the new password. Note that the password (in password->data) is not zero terminated.

-k kspec , -keytab= kspec
  Keytab to get authentication key from.
-r realm , -realm= realm
  Default realm.
-p string , -port= string
  Port to listen on (default service kpasswd - 464).


If an error occurs, the error message is returned to the user and/or logged to syslog.


The default password quality checks are too basic.


kpasswd(1), kdc(8)

HEIMDAL KPASSWDD (8) April 19, 1999

tail head cat sleep
QR code linking to this page

Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

It's a UNIX system, I know this!
— Lex Murphy, Jurassic Park