Managing Kerberos

Changing a User Name and Password

Once the network manager has set up the access server, users can change their own passwords on the master KDC for their realm.

Example: Sample Kerberos User Authentication Session

The following example shows a sample session for changing a password. The way that message 468 wraps may appear differently on your terminal screen.

Local> kpasswd

Username> smith

Old password> oldpassword (not echoed)

New password> newpassword (not echoed)

Verification> newpassword (not echoed)

Local -468- Attempting to change Kerberos password for user smith@finance.acme.com

Local -469- Kerberos password has been changed

Local>

Alternative Password Command

Instead of the KPASSWD command, you can also use the DEFINE KERBEROS PASSWORD COMMAND as described in the Network Access Server Command Reference.

User Authentication Counters

This section describes the user authentication counters. These counters display information that is useful for detecting problems.

Network Access Server User Authentication Counters

The following example shows how to display the user authentication counters for the access server:

Local> SHOW SERVER AUTHENTICATION COUNTERS

 

 

 

 

Total

Total

 

 

attempts

failures

User authentication (all realms):

 

16

0

 

Total

Valid

Error

 

Packets

Packets

Packets

 

Sent

Received

Received

Realm: mfg.acme.com

8

8

0

Realm: sales.acme.com

7

6

1

Realm: finance.acme.com

1

1

0

Time since counters last zeroed:

 

 

1 01:55:14

Managing Access Server Security 22-11

Page 457
Image 457
HP NetRider manual Changing a User Name and Password, User Authentication Counters, Alternative Password Command