diff options
Diffstat (limited to 'crypto/krb5/doc/html/user/pwd_mgmt.html')
| -rw-r--r-- | crypto/krb5/doc/html/user/pwd_mgmt.html | 227 |
1 files changed, 0 insertions, 227 deletions
diff --git a/crypto/krb5/doc/html/user/pwd_mgmt.html b/crypto/krb5/doc/html/user/pwd_mgmt.html deleted file mode 100644 index 6af1d7d83dad..000000000000 --- a/crypto/krb5/doc/html/user/pwd_mgmt.html +++ /dev/null @@ -1,227 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Password management — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Ticket management" href="tkt_mgmt.html" /> - <link rel="prev" title="For users" href="index.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="For users" - accesskey="P">previous</a> | - <a href="tkt_mgmt.html" title="Ticket management" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="password-management"> -<h1>Password management<a class="headerlink" href="#password-management" title="Link to this heading">¶</a></h1> -<p>Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you—send email that comes from you, read, edit, or delete your files, -or log into other hosts as you—and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -<a class="reference internal" href="#grant-access"><span class="std std-ref">Granting access to your account</span></a>). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is.</p> -<section id="changing-your-password"> -<h2>Changing your password<a class="headerlink" href="#changing-your-password" title="Link to this heading">¶</a></h2> -<p>To change your Kerberos password, use the <a class="reference internal" href="user_commands/kpasswd.html#kpasswd-1"><span class="std std-ref">kpasswd</span></a> command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you’re not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user <code class="docutils literal notranslate"><span class="pre">david</span></code> would do the following:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kpasswd</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">your</span> <span class="n">old</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">new</span> <span class="n">password</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">your</span> <span class="n">new</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">it</span> <span class="n">again</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">new</span> <span class="n">password</span> <span class="n">again</span><span class="o">.</span> -<span class="n">Password</span> <span class="n">changed</span><span class="o">.</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>If <code class="docutils literal notranslate"><span class="pre">david</span></code> typed the incorrect old password, he would get the -following message:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kpasswd</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">incorrect</span> <span class="n">old</span> <span class="n">password</span><span class="o">.</span> -<span class="n">kpasswd</span><span class="p">:</span> <span class="n">Password</span> <span class="n">incorrect</span> <span class="k">while</span> <span class="n">getting</span> <span class="n">initial</span> <span class="n">ticket</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>If you make a mistake and don’t type the new password the same way -twice, kpasswd will ask you to try again:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kpasswd</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">old</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">new</span> <span class="n">password</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">new</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">it</span> <span class="n">again</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">a</span> <span class="n">different</span> <span class="n">new</span> <span class="n">password</span><span class="o">.</span> -<span class="n">kpasswd</span><span class="p">:</span> <span class="n">Password</span> <span class="n">mismatch</span> <span class="k">while</span> <span class="n">reading</span> <span class="n">password</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn’t work, try again -using the old one.</p> -</section> -<section id="granting-access-to-your-account"> -<span id="grant-access"></span><h2>Granting access to your account<a class="headerlink" href="#granting-access-to-your-account" title="Link to this heading">¶</a></h2> -<p>If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called <a class="reference internal" href="user_config/k5login.html#k5login-5"><span class="std std-ref">.k5login</span></a> in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> -</pre></div> -</div> -<p>This file would allow the users <code class="docutils literal notranslate"><span class="pre">jennifer</span></code> and <code class="docutils literal notranslate"><span class="pre">david</span></code> to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts.</p> -<p>Using a .k5login file is much safer than giving out your password, -because:</p> -<ul class="simple"> -<li><p>You can take access away any time simply by removing the principal -from your .k5login file.</p></li> -<li><p>Although the user has full access to your account on one particular -host (or set of hosts if your .k5login file is shared, e.g., over -NFS), that user does not inherit your network privileges.</p></li> -<li><p>Kerberos keeps a log of who obtains tickets, so a system -administrator could find out, if necessary, who was capable of using -your user ID at a particular time.</p></li> -</ul> -<p>One common application is to have a .k5login file in root’s home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network.</p> -</section> -<section id="password-quality-verification"> -<h2>Password quality verification<a class="headerlink" href="#password-quality-verification" title="Link to this heading">¶</a></h2> -<p>TODO</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Password management</a><ul> -<li><a class="reference internal" href="#changing-your-password">Changing your password</a></li> -<li><a class="reference internal" href="#granting-access-to-your-account">Granting access to your account</a></li> -<li><a class="reference internal" href="#password-quality-verification">Password quality verification</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current"> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="For users" - >previous</a> | - <a href="tkt_mgmt.html" title="Ticket management" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file |