NAME

LIBRARY

SYNOPSIS

krb5_error_code
krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string);

krb5_error_code
krb5_set_password(krb5_context context, krb5_creds *creds, char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, krb5_data *result_string);

krb5_error_code
krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, krb5_data *result_string);

const char *
krb5_passwd_result_to_string(krb5_context context, int result);

DESCRIPTION

krb5_set_password() and krb5_set_password_using_ccache() are the newer of the three functions, and use a newer version of the protocol (and also fall back to the older set-password protocol if the newer protocol doesn't work).

krb5_change_password() sets the password newpasswd for the client principal in creds. The server principal of creds must be kadmin/changepw.

krb5_set_password() and krb5_set_password_using_ccache() change the password for the principal targprinc.

krb5_set_password() requires that the credential for kadmin/changepw@REALM is in creds. If the user caller isn't an administrator, this credential needs to be an initial credential, see krb5_get_init_creds(3) how to get such credentials.

krb5_set_password_using_ccache() will get the credential from ccache.

If targprinc is NULL, krb5_set_password_using_ccache() uses the the default principal in ccache and krb5_set_password() uses the global the default principal.

All three functions return an error in result_code and maybe an error string to print in result_string.

krb5_passwd_result_to_string() returns an human readable string describing the error code in result_code from the krb5_set_password() functions.

SEE ALSO