Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration
Principals
Chapter 6 (page 110)
Protecting Secret Keys
User principals must provide their passwords during authentication to
create their secret keys. For best security, users should be required to
periodically change their passwords.
This version of Kerberos has two methods of enforcing that users change
their passwords. A user principal is required to change its password
when:
• A system administrator enables the Password Change Required
attribute. In this case, the user principal must change its
password at the next logon.
• The password expiration date is exceeded. The expiration is
calculated from the information in the password policy file, or from the
date set for the principal account using one of the Kerberos Server
administrative tools. If the password has expired, the user principal
must change its password.
In both situations, users can change their passwords using kpasswd
on UNIX. The user must enter the current password, followed by the new
password twice to verify the new password string. The principal’s new
password is automatically checked against the password policy file to
ensure that it meets the enterprise criteria for secure passwords. Using
the password policy file, you can specify rules that force users to build
the kinds of passwords that can prevent easy discovery or cracking with
brute-force methods. For more information on the Password Policy File,
refer to “Password Policy File” on page 101.
An administrator using a principal account with the required
administrative permissions can also change a user principal’s password.
The administrator is not required to know the current password to
change the password.
When a principal’s password is changed using one of the Kerberos
Server’s administrative tools, the password is not verified against the
password policy file. For this reason, the password set by an
administrator must, by default, be changed the next time the user
attempts to authenticate using the account. The Change Password
Required attribute is automatically enabled. The user must know the
temporary password created by the administrator at the next logon, so
you must develop a secure method for communicating the temporary
password to the user.
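The following model, added here as an illustration and not part of the HP-UX Kerberos Server or its administrative tools, ties together the rules this section describes: the two triggers that force a change at logon (the Password Change Required attribute and an expired password, where a per-principal expiration date overrides the lifetime derived from the policy file), the kpasswd path that verifies the current password and checks the new one against policy, and the administrative path that skips the policy check and therefore marks the password as temporary. The record layout, the policy settings (max_lifetime_days, min_length, min_classes) and every function name are assumptions made for the example; the real policy file syntax is the one documented under “Password Policy File”.

```python
"""Model of the password-change rules described above (illustration only;
not HP-UX Kerberos Server code). Record fields, policy keys and function
names are assumptions made for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class PasswordPolicy:
    # Assumed policy settings standing in for the password policy file.
    max_lifetime_days: int = 90
    min_length: int = 8
    min_classes: int = 3  # of: lower, upper, digit, punctuation


@dataclass
class Principal:
    name: str
    password: str
    password_set: datetime
    change_required: bool = False          # Password Change Required attribute
    expiration: Optional[datetime] = None  # date set with an administrative tool


def meets_policy(password: str, policy: PasswordPolicy) -> bool:
    """Policy check applied on the kpasswd path (assumed rules)."""
    if len(password) < policy.min_length:
        return False
    classes = sum(1 for test in (str.islower, str.isupper, str.isdigit)
                  if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        classes += 1
    return classes >= policy.min_classes


def password_expiry(p: Principal, policy: PasswordPolicy) -> datetime:
    """Per-principal date if an administrator set one, else policy lifetime."""
    if p.expiration is not None:
        return p.expiration
    return p.password_set + timedelta(days=policy.max_lifetime_days)


def change_reason(p: Principal, policy: PasswordPolicy, now: datetime) -> Optional[str]:
    """Why a change is required at logon, or None if the password is still valid."""
    if p.change_required:
        return "change required attribute set"
    if now > password_expiry(p, policy):
        return "password expired"
    return None


def user_change_password(p: Principal, policy: PasswordPolicy,
                         current: str, new: str, now: datetime) -> None:
    """kpasswd path: current password must match, new one must pass policy."""
    if current != p.password:
        raise PermissionError("current password incorrect")
    if not meets_policy(new, policy):
        raise ValueError("new password rejected by policy")
    p.password, p.password_set = new, now
    p.change_required, p.expiration = False, None


def admin_set_password(p: Principal, new: str, now: datetime) -> None:
    """Administrative path: no policy check, so the attribute forces a change."""
    p.password, p.password_set = new, now
    p.change_required = True


def demo() -> List[Optional[str]]:
    """Walk alice and bob through the rules; returns the logon outcomes observed."""
    policy = PasswordPolicy()
    alice = Principal("alice", "Old-pass1", password_set=datetime(2024, 1, 1))
    bob = Principal("bob", "Bob-pass1", password_set=datetime(2024, 1, 1),
                    expiration=datetime(2024, 1, 15))  # admin-set date overrides policy
    results = []
    results.append(change_reason(alice, policy, datetime(2024, 2, 1)))  # within 90 days
    results.append(change_reason(alice, policy, datetime(2024, 5, 1)))  # past 90 days
    admin_set_password(alice, "temp-Pass9", datetime(2024, 5, 1))
    results.append(change_reason(alice, policy, datetime(2024, 5, 1)))  # attribute set
    user_change_password(alice, policy, "temp-Pass9", "Sunny-day-2024",
                         datetime(2024, 5, 1))
    results.append(change_reason(alice, policy, datetime(2024, 5, 2)))  # valid again
    results.append(change_reason(bob, policy, datetime(2024, 1, 20)))   # per-principal date
    return results


if __name__ == "__main__":
    print(demo())
```

Running the block prints the five logon outcomes in order: no change needed, expired by policy lifetime, forced by the attribute after the administrator set a temporary password, valid again after the user's own kpasswd change, and expired for bob by his per-principal date even though the policy lifetime had not elapsed.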