Password management

The standard Unix password management is not used and any modification of it by the commands ypasswd or passwd will have no effect. To be able to change your password you need to run the command below:

% kpasswd
Password for <login>@IN2P3.FR:
Enter new password:
Enter it again:

Enter the old and the new password as requested. You will have to enter the new password twice.

If you lost your password, please contact your password czar asking for the password reset.

For security reasons, it is strongly recommended to change your password periodically. CC-IN2P3 enforces an expiration limit for all passwords, but you may be more strict! The following rules are applied to passwords:

  • A password not changed after 180 days will be automatically invalidated. It will not be possible to connect to the interactive cluster. A new password should be given only by a password administrator (or czar).

  • A password not changed for more than 120 days (but less than 180) should be changed at the first session access after this delay.

At each connection in the 10 days before the password expiration, the user will be asked to change the password by the following message:

ATTENTION: Your PASSWORD EXPIRES in 5 days!

In this case, you should immediatly change your password with the kpasswd command.

Important

The password must have at least 12 characters of 3 different types (lowercase, uppercase, numeral or special character)

To know the number of days before your password expires, check the User Portal. We suggest to check this information before going on vacation or long time trips to avoid being unable to connect and having to ask your password administrator for a new password.

Troubleshooting

If, when using kpasswd to modify your password, you receive one of the error messages below:

kpasswd: No credentials cache found getting principal from ccache

kpasswd: Client not found in Kerberos database getting initial ticket

kpasswd: Unknown credential cache type opening default ccache

krb5_get_init_creds: unable to reach any KDC in realm CC.IN2P3.FR, tried 0 KDCs

Please try:

% LD_LIBRARY_PATH="" PATH="/bin:/usr/bin" kpasswd

If this still does not work, please send the following commands output to our user support.

% hostname
% /usr/bin/klist -A
% KRB5_TRACE=/dev/stdout LD_LIBRARY_PATH="" PATH="/bin:/usr/bin" kpasswd