These functions change the password for a given principal.
krb5_set_password() and
krb5_set_password_using_ccache() are the newer of the three functions, and use a newer version of the protocol (and also fall back to the older set-password protocol if the newer protocol doesn't work).
krb5_change_password() sets the password
newpasswd for the client principal in
creds. The server principal of creds must be
kadmin/changepw.
krb5_set_password() and
krb5_set_password_using_ccache() change the password for the principal
targprinc.
krb5_set_password() requires that the credential for
kadmin/changepw@REALM is in
creds. If the user caller isn't an administrator, this credential needs to be an initial credential, see
krb5_get_init_creds(3) how to get such credentials.
krb5_set_password_using_ccache() will get the credential from
ccache.
If
targprinc is
NULL,
krb5_set_password_using_ccache() uses the the default principal in
ccache and
krb5_set_password() uses the global the default principal.
All three functions return an error in
result_code and maybe an error string to print in
result_string.
krb5_passwd_result_to_string() returns an human readable string describing the error code in
result_code from the
krb5_set_password() functions.