Usage

The kpasswd command changes the password for the specified Kerberos principal using the password change service. You must supply the current password for the principal as well as the new password. The password change server applies any applicable password policy rules to the new password before changing the password.

You may not change the password for a ticket-granting service principal (krbtgt/realm) using the kpasswd command.

If you have a SAF database, An RRSF local node must be defined in order to generate the corresponding Kerberos secret key whenever a password is changed. Refer to z/OS Security Server RACF Security Administrator's Guide for information on defining the local RRSF node.