This site requires JavaScript to be enabled

How to use kpasswd to change Fermi domain, Services or Kerberos passwords

800 views

5.0 - Updated on 2022-02-16 by Marcia Teckenbrock

4.0 - Updated on 2021-11-10 by Marcia Teckenbrock

3.0 - Updated on 2021-10-15 by Carlos Salazar (Inactive)

2.0 - Updated on 2020-06-15 by Marcia Teckenbrock

1.0 - Authored on 2020-06-15 by Marcia Teckenbrock

How to use kpasswd to change Fermi domain, Services or Kerberos passwords


Intended for:

Users who wish to use the kpasswd command to reset their Fermi domain (Windows log on), Services or Kerberos passwords. This is another option for users who need to reset their password and is done by command line (in a terminal for Mac/Linux or for a Windows command prompt:
Command prompts on Windows or Mac

Other options for resetting passwords include:


Scenario/Use case:

Reset Services, Fermi domain (Windows log on) or Kerberos password. 



Before you begin:

To use kpasswd, you must meet the following requirements:

Instructions:

When connected to the Fermilab network (onsite or via VPN) on a Fermilab-owned computer or device:

  1. Open a terminal window:
    1. Mac users: open terminal
    2. Windows users: open command prompt
    3. Linux users: if using GUI, open terminal; if not, type the command

  2. Pick the appropriate domain and type the associated command:
    1. Fermi
               
        kpasswd username@FERMI.WIN.FNAL.GOV
    1. Services

kpasswd username@SERVICES.FNAL.GOV

    1. Kerberos

kpasswd username@FNAL.GOV

  1. Enter your current password. If you do not know your current password, contact the Service Desk.

  2. Enter your new password following the password requirements (see bottom of article).


When connected to the Fermilab network on a non-FERMI computer:

  1. Install the krb5.conf file on your computer (Linux and Mac computers only).
  2. Open a terminal window:
    • Mac users: open terminal
    • Windows users: open command prompt
    • Linux users: if using GUI, open terminal; if not, type the command.

  1. Pick the appropriate domain and type in the associated command:
    1. Fermi
               
        kpasswd username@FERMI.WIN.FNAL.GOV
    1. Services

kpasswd username@SERVICES.FNAL.GOV

    1. Kerberos

kpasswd username@FNAL.GOV

  1. Enter in your current password. If you do not know your current password, contact the Service Desk.

  2. Enter your new password following the password requirements (see bottom of article)


When not connected to the Fermilab network or if you are using a non-Fermilab-owned computer:

  1. Install the Fermilab VPN software.

  2. Install the krb5.conf file on your computer ( Linux and Mac only).
  3. Open a terminal window
  1. Pick the appropriate domain domain and type in the associated command:
    1. Fermi

kpasswd username@FERMI.WIN.FNAL.GOV

    1. Services

kpasswd username@SERVICES.FNAL.GOV

    1. Kerberos

kpasswd username@FNAL.GOV

  1. Enter your current password. If you do not know your current password, contact the Service Desk.

  2. Enter your new password following the password requirements (at bottom of article)

 



Password Requirements:

    1. Minimum of 10 characters
    2. Three of the four character groups must be used 
      1. Uppercase
      2. Lowercase
      3. Numeric
      4. Special characters ( !,%,#, and @ are supported )
    1. The password cannot contain three or more characters from your username
    2. You cannot reuse any of your last 8 passwords
    3. Your password cannot contain your username or real name
    4. The password has a minimum age of 2 days