Administering the Kerberos Server
Chapter 8128
Protecting a Secret Key
A user principal's secret key is derived from its password: the user supplies the password during authentication, and the secret key of the principal is created from it. Because the key is only as strong as the password it is derived from, for best security all users must change their passwords periodically.
This version of Kerberos provides the following methods of forcing user principals to change their passwords:
• Enable the Password Change Required attribute on the principal to force the user to change the password at the next logon.
• Set a password expiration date. When that date passes, the user principal must change his or her password. The expiration time comes either from the password policy file or from the date set for the principal account with one of the Kerberos server administrative utilities.
In either case, users change their passwords with the UNIX command kpasswd. When a user runs kpasswd at the HP-UX prompt, it prompts for the current password and then for the new password twice, to verify that the new password string was typed correctly. The new password is automatically checked against the password policy file to ensure that it meets the enterprise criteria for secure passwords. In the password policy file you can specify rules that require users to choose passwords that resist guessing and dictionary attacks. For more information on the password policy file, see “Password Policy File” on page 119.
If you are using a principal account with the required administrative permissions, you can change the password of a user principal without knowing the principal's current password.
When you change a principal's password with one of the Kerberos administrative utilities, the new password is not verified against the password policy file. To compensate, the Password Change Required attribute is enabled automatically, so the user must change the password the next time he or she authenticates with the account. Communicate the temporary password to the user over a secure channel, so that the user has it at the next logon and it is not exposed in transit.
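The two password-change paths described above (the user's kpasswd path, which verifies the current password and enforces the policy, and the administrative path, which skips both but sets the Password Change Required attribute) and the expiration check are modelled below in working code. This is an added illustration, not code from the HP-UX Kerberos server; the policy rules, the principal record layout, the use of PBKDF2 as a stand-in for the Kerberos string-to-key function, and the sample principal are all assumptions made for the example.

```python
"""Model of the password-change rules described in the text (added example,
not HP-UX Kerberos server code). POLICY stands in for the site's password
policy file; its rules are assumptions for this illustration."""
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy, standing in for the password policy file.
POLICY = {
    "min_length": 8,
    "min_classes": 3,          # of: lower, upper, digit, other
    "max_age_days": 90,
    "dictionary": {"password", "welcome", "kerberos", "hpux"},
}
TODAY = date(2024, 1, 1)     # constructed reference date for the scenario


def derive_key(password: str, salt: bytes) -> bytes:
    """Stand-in for Kerberos string-to-key: the KDC stores a key derived
    from the password, never the password itself (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Principal:
    name: str
    salt: bytes
    key: bytes
    password_expiration: date
    password_change_required: bool = False


def check_policy(principal_name: str, candidate: str) -> list[str]:
    """Return the policy rules the candidate violates (empty list = accepted)."""
    problems = []
    if len(candidate) < POLICY["min_length"]:
        problems.append(f"shorter than {POLICY['min_length']} characters")
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < POLICY["min_classes"]:
        problems.append(f"fewer than {POLICY['min_classes']} character classes")
    if candidate.lower() in POLICY["dictionary"]:
        problems.append("dictionary word")
    user = principal_name.split("@")[0].split("/")[0].lower()
    if user and user in candidate.lower():
        problems.append("contains the principal name")
    return problems


def create_principal(name: str, password: str, today: date) -> Principal:
    salt = os.urandom(16)
    expires = today + timedelta(days=POLICY["max_age_days"])
    return Principal(name, salt, derive_key(password, salt), expires)


def must_change_password(p: Principal, today: date) -> bool:
    """True when a change would be forced at the next logon: either the
    attribute is set or the expiration date has passed."""
    return p.password_change_required or today > p.password_expiration


def user_change_password(p: Principal, current: str, new: str, today: date) -> None:
    """kpasswd path: verify the current password, enforce policy, clear the flag."""
    if not hmac.compare_digest(derive_key(current, p.salt), p.key):
        raise PermissionError("current password incorrect")
    problems = check_policy(p.name, new)
    if problems:
        raise ValueError("password rejected by policy: " + "; ".join(problems))
    p.salt = os.urandom(16)
    p.key = derive_key(new, p.salt)
    p.password_expiration = today + timedelta(days=POLICY["max_age_days"])
    p.password_change_required = False


def admin_set_password(p: Principal, new: str, today: date) -> None:
    """Administrative path: no current password and no policy check, so the
    principal is forced to change the password at the next logon."""
    p.salt = os.urandom(16)
    p.key = derive_key(new, p.salt)
    p.password_expiration = today + timedelta(days=POLICY["max_age_days"])
    p.password_change_required = True


def demo() -> dict:
    """Walk the scenarios from the text and return what was observed."""
    p = create_principal("alice@EXAMPLE.COM", "Str0ng!pass", TODAY)
    out = {"fresh_ok": not must_change_password(p, TODAY)}
    later = TODAY + timedelta(days=POLICY["max_age_days"] + 1)
    out["expired"] = must_change_password(p, later)
    try:
        user_change_password(p, "wrong", "An0ther!one", TODAY)
        out["wrong_current_rejected"] = False
    except PermissionError:
        out["wrong_current_rejected"] = True
    try:
        user_change_password(p, "Str0ng!pass", "alice123", TODAY)
        out["weak_rejected"] = False
    except ValueError:
        out["weak_rejected"] = True
    admin_set_password(p, "tmp", TODAY)      # weak, but the admin path skips policy
    out["admin_sets_flag"] = must_change_password(p, TODAY)
    user_change_password(p, "tmp", "N3w!secret", TODAY)
    out["flag_cleared"] = not must_change_password(p, TODAY)
    return out


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete is the asymmetry in the text: only the kpasswd path consults the policy, so a temporary password set by an administrator can be arbitrarily weak and is protected solely by the forced change at next logon and by how securely it is delivered to the user.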
Removing Service Principals
When you delete a service principal account from the database, the service is no longer available on the network: the KDC can no longer issue service tickets for that principal. Note that service tickets issued before the deletion remain usable until they expire, because the service verifies them with the key held in its own keytab rather than by consulting the KDC; to shut the service off immediately, also remove or change the key in its keytab.