All accounts have two different passwords associated with them: Brown Account and CS LDAP. Their usage is explained in the table below. In general, services which grant full filesystem access require your Brown password. Other services use LDAP. You should pick different, secure passwords for each.

  Brown Account LDAP
What is it used for?
  • Logging into Linux
  • Logging into Windows
  • OpenVPN
  • Unlocking a locked screen
  • Obtaining Kerberos tickets with kinit
  • Department wikis
  • Printing (e.g. lprm command)


  • Postgres database
  • Jabber IM server
How do you change it?

Forgot your password? Mail problem

Brown Account Passwords

Computing and Information Services (CIS) provides services to manage your Brown Account password.

CS Kerberos Passwords

The CS Kerberos password is a leftover/workaround being used during the 2017-present OIM and file system migration. For new accounts created after August, 2017, this password is stored in ~/.initial-kpasswd. To change the CS Kerberos password, open a shell prompt, and run


*Users who've setup their CS account prior to August, 2017, would know this as their *old* CS login password or CS Kerberos Password.

LDAP Passwords

New users start out with no LDAP password, which means they can't log into services using LDAP. To set or change your LDAP password yourself, you must know your CS Kerberos password.  If you do, log into a Linux system, open a shell prompt, and run


For new accounts created after August, 2017, your CS Kerberos password is in ~/.initial-kpasswd. You do not need to know your current LDAP password to change your LDAP password.


Your LDAP password is used for a great number of services. If you have it saved in any of your applications and you change it, you will need to reconfigure your applications to remember your new password.

Forgot Your CS Kerberos Password from Spring 2017 or earlier?

Mail and request a CS Kerberos password reset.

Password Requirements

We do our best to follow the CIS password policy. Therefore, we need to enforce the following requirements on LDAP passwords:

After changing your password, you must wait a day before changing it again.

Why Two Passwords?

We are in the process of migrating our own identity services to those provided by the University.  When we are finished, your Brown Account password will be the only password you need to remember.