This page is for people who do not have a Kerberos or LDAP password and so need to create them.

Setting up your initial Kerberos password

As of September 2008, all new accounts have Kerberos passwords. As of October 2009, virtually all existing accounts have been converted to use Kerberos. If you do not yet have a Kerberos password (i.e. you are unable to log in to Linux and/or can't run kinit), please see the User Services Coordinator (CIT 571), another member of tstaff, or a SPOC (CIT 502) to create one.

Changing your Kerberos password

If you have a Kerberos password and want to change it, run: /usr/bin/kpasswd.

Setting your initial LDAP password

To set your LDAP password you should do the following:

WINDOWS

Open a cygwin window, ssh to a linux machine, and follow the instructions for LINUX directly below.

LINUX

Create a Kerberos ticket by typing kinit

Run /local/bin/ldappasswd

Password requirements

We do our best to follow the CIS password policy. Therefore, we need to enforce the following requirements on Kerberos and LDAP passwords:

Passwords must contain at least three character classes. Character classes include lowercase letters, uppercase letters, digits, and punctuation.

Passwords must not be broken by our password cracker. Simple passwords, such as dictionary words, will fail this test, but most complex passwords should be fine.

Your password cannot be the same as any of your previous 10 passwords.

After changing your password, you must wait a day before changing it again.