Changing Server and Machine Passwords in the Keytab File
Passwords for all principals must be changed when they expire. Human principals can use their platform's chpass command to change their password. The dced security validation service automatically changes the machine's password as necessary by assigning a randomly generated password. This daemon is supplied with DCE and runs on each local machine that engages in network access. Generally, you can assume that servers or applications created by other vendors also automatically change their password as required by randomly generating passwords. However, if a server that runs under its own identity does not automatically update its password, you must do it manually by using the dcecp keytab add command, as described in Adding Entries to a Keytab File.
Note: Servers that run under the identity of a human principal should not automatically update their own passwords. When such a server updates its password, it also updates the password of the human principal under whose identity it runs. The human principal must then supply this randomly generated password to log into the system and to reauthenticate. Since the human principal can never know the randomly generated password, the principal cannot log into the system and cannot reauthenticate.