How to use kpasswd to change Fermi domain, Services or Kerberos passwords
Intended for:
Users who wish to use the kpasswd command to reset their Fermi domain (Windows log on), Services or Kerberos passwords. This is another option for users who need to reset their password and is done by command line (in a terminal for Mac/Linux or for a Windows command prompt:
Other options for resetting passwords include:
- Password reset tool (Fermi domain and Services accounts only; must be onsite or using VPN to access), which is a web-based tool.
- Contacting the Service Desk.
- In addition, employees who need to reset their Windows logon (Fermi domain) password using the native Windows option can press Ctrl + Alt + Delete and click "Change a password..." You must know your password for this option.
Scenario/Use case:
Reset Services, Fermi domain (Windows log on) or Kerberos password.
Before you begin:
To use kpassword, you must meet the following requirements:
- You must be connected to the lab network (onsite or via VPN) to reset your Fermi domain (Windows log on) and Services passwords. (Kerberos accounts can be reset offsite)
- You must know your old password. If you do not know your old password, you must contact the Service Desk.
- You must follow the password complexity requirements (see bottom of article)
- For Windows computers, you must install MIT Kerberos (Fermilab or personally owned)
Instructions:
When connected to the Fermilab network (onsite or via VPN) on a Fermilab-owned computer or device:
- Open a terminal window:
- Mac users: open terminal
- Windows users: open command prompt
- Linux users: if using GUI, open terminal; if not, type the command
- Pick the appropriate domain and type the associated command:
- Fermi
kpasswd username@FERMI.WIN.FNAL.GOV
- Fermi
-
- Services
kpasswd username@SERVICES.FNAL.GOV
-
- Kerberos
kpasswd username@FNAL.GOV
- Enter your current password. If you do not know your current password, contact the Service Desk.
- Enter your new password following the password requirements (see bottom of article).
When connected to the Fermilab network on a non-FERMI computer:
- Install the krb5.conf file on your computer (Linux and Mac computers only).
- Open a terminal window:
-
- Mac users: open terminal
- Windows users: open command prompt
- Linux users: if using GUI, open terminal; if not, type the command.
- Pick the appropriate domain and type in the associated command:
-
- Fermi
kpasswd username@FERMI.WIN.FNAL.GOV
- Fermi
-
- Services
kpasswd username@SERVICES.FNAL.GOV
-
- Kerberos
kpasswd username@FNAL.GOV
- Enter in your current password. If you do not know your current password, contact the Service Desk.
- Enter your new password following the password requirements (see bottom of article)
When not connected to the Fermilab network or if you are using a non-Fermilab-owned computer:
- Install the Fermilab VPN software.
- Install the krb5.conf file on your computer ( Linux and Mac only).
- Open a terminal window
- Mac users: open terminal
- Windows users: open command prompt
- Linux users: if using GUI, open terminal; if not, type in the command
- Pick the appropriate domain domain and type in the associated command:
-
- Fermi
kpasswd username@FERMI.WIN.FNAL.GOV
-
- Services
kpasswd username@SERVICES.FNAL.GOV
-
- Kerberos
kpasswd username@FNAL.GOV
- Enter your current password. If you do not know your current password, contact the Service Desk.
- Enter your new password following the password requirements (at bottom of article)
Password Requirements:
-
- Minimum of 10 characters
- Three of the four character groups must be used
-
-
- Uppercase
- Lowercase
- Numeric
- Special characters ( !,%,#, and @ are supported )
-
-
- The password cannot contain three or more characters from your username
- You cannot reuse any of your last 8 passwords
- Your password cannot contain your username or real name
- The password has a minimum age of 2 days