--- /dev/null
+#!/bin/bash -ex
+#
+# Finally, set password for main user's principal
+# Aborting this operation is harmless. Just re-invoke cpw.
+#
+# kadmin.local doesn't report errors properly, so we have to
+# check manually
+#
+USER=$1
+sudo rm -f /tmp/kadmin.out
+sudo kadmin.local -p root/admin -q "cpw $USER@HCOOP.NET" \
+ 2>&1 | tee /tmp/kadmin.out
+cat /tmp/kadmin.out | grep '\(Password for .* changed\|Cannot reuse password while changing password\)'
+sudo rm -f /tmp/kadmin.out