Password Tab (Principal Information window)

The Password tab is used to specify the password parameters for the principal.

Figure 6-3 Password Tab (Principal Information Window)

Principal

Displays the name of the principal you are editing.

Password Expiration Date

The password expiration date indicates when the current principal password expires. Check the Password Expiration Date box to activate password expiration for the current principal. If this function is not enabled, then the current principal's password never expires.

Enter one of the following options in the Password Expiration date box:

A date and time, in the format
HH:MM MM/DD/YYY
The keyword NEVER, which indicates that the expiration is not effected.

Key Version Number

Every principal password has a version number associated with it that identifies the number of times the password has been changed. When a principal is first created, its password version number is one. Every time the password is changed, the version number is incremented by one.

Password Last Changed

This date is updated when you change a password. The word NEVER indicates the password cannot be changed by the user.

Change Password button

Displays the Change Password window, which provides the option to specify a password or to generate a random key for the current principal.

Failed Auth Count

This is the number of failed authentication attempts since the last successful authentication by the principal. Every failed SignOn request by the client increments the Failed Auth Count by one. If the number exceeds the maximum allowed by the MaxFailAuthCnt parameter in the password policy file, the principal account is automatically locked. To determine if a principal account is locked, click the Attributes tab in the Principal Information window and look at the Lock Principal check box. To unlock a principal, clear the check box.

For more information, refer to “Password Policy File”.

Primary and Secondary Key Types

The available key options are DES3-MD5, DES-MD5,and DES-CRC encryption. Select a key encryption type for each salt type that you use.

Primary and Secondary Salt Types

A Salt is a string of characters added to a password before it is transformed into the secret key. Each salt type, except None has data associated with it. The salt data is appended to the password before generating the DES3 or DES encrypted key. The salt key settings are controlled through the Password tab of the Principals Information window. Salts are used to strengthen passwords and ensure that principals with the same passwords do not have the same key.

Change Password window (Password tab)

kadminl_ui automatically displays the Change Password window when a new principal is created from the Password tab of the Principals Information window. Enter a new password and verify the password for user principals. For service principals, select Generate Random Key.

Generate Random Key creates a unique encrypted key without entering a password.

Figure 6-4 Change Password Window (Password Tab)

Principal: Displays the name of the principal you are editing.
Generate Random key: Check this box to generate a random key for a principal. Generating a random key always results in a unique key. Random keys are generally created for service principals.
New Password: Enter the new password information. This is a temporary password, because the principal is required to change the user's password at the next logon, assuming the NoChangeReqPwd setting in the principal's password policy file is set to zero, which is the default.
Verification: Re-enter your new password for verification.

Password Tab (Principal Information window)

Technical documentation

» Table of Contents

» Glossary

» Index

Change Password window (Password tab)