The kpasswd command is used to change a Kerberos principal's password. kpasswd prompts for the current Kerberos password, which is used to obtain a changepw ticket from the KDC for the user's Kerberos realm. If kpasswd successfully obtains the changepw ticket, the user is prompted twice for the new password, and the password is changed.
If the principal is governed by a policy that specifies the length and/or number of character classes required in the new password, the new password must conform to the policy. (The five character classes are lower case, upper case, numbers, punctuation, and all other characters.)
The following operand is supported:
Change the password for the Kerberos principal principal. Otherwise, the principal is derived from the identity of the user invoking the kpasswd command.
Temporary credentials cache for the lifetime of the password changing operation. (xxxxxx is a random string.)
See attributes(5) for descriptions of the following attributes:
If kpasswd is suspended, the changepw tickets may not be destroyed.