NAME [Toc] [Back]
passwd - change login password and associated attributes
SYNOPSIS [Toc] [Back]
passwd -r files [-F file] [name]
passwd -r files [-e [shell]] [-gh] [name]
passwd -r files -s [-a]
passwd -r files -s [name]
passwd -r files [-d|-l] [-f] [-n min] [-w warn] [-x max] name
passwd -r nis [-e [shell]] [-gh] [name]
passwd -r nisplus [-e [shell]] [-gh] [-D domain] [name]
passwd -r nisplus -s [-a]
passwd -r nisplus -s [-D domain] [name]
passwd -r nisplus [-l] [-f] [-n min] [-w warn] [-x max] [-D domain]
passwd -r dce [-e [shell]] [-gh] [name]
DESCRIPTION [Toc] [Back]
The passwd command modifies the password as well as the attributes
associated with the login name. If name is omitted, it defaults to
the invoking user's login name, which is determined using getuid. See
Ordinary users can only change passwords corresponding to their login
name. If an old password has been established, it is requested from
the user. If valid, a new password is obtained. Once the new
password is entered, it is determined if the old password has "aged"
sufficiently. If password aging is not sufficient, the new password
is rejected and passwd terminates. See passwd(4).
If password aging and construction requirements are met, the password
is re-entered to ensure consistency. If the new copy differs, passwd
repeats the new password prompting cycle, at most twice.
A superuser, whose effective user ID is zero, (see id(1) and su(1)),
is allowed to change any password and is not forced to comply with
password aging. Superusers are not prompted for old passwords, unless
they are attempting to change a superuser's password in a trusted
system. On untrusted systems, superusers are not forced to comply
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
with password construction requirements. Null passwords can be
created by entering a carriage return in response to the prompt for a
For the files (local system) repository, if no /etc/shadow file
exists, then the encrypted password is stored in the password field of
/etc/passwd. If the /etc/shadow file exists, then the encrypted
password is stored there, and an 'x' is added to the password field of
The DCE repository (-r dce) is only available if Integrated Login has
been configured. See auth.adm(1M). If Integrated Login has been
configured, other considerations apply. A user with appropriate DCE
privileges is capable of modifying a user's password, shell, gecos or
home directory and this is not dependent upon superuser privileges.
If the repository is not specified, i.e. passwd [name], the password
is changed in all existing repositories configured in
/etc/nsswitch.conf. If password options are used, and no repository
is specified, the default repository is files.
Options [Toc] [Back]
The following options are recognized:
-D domain Use the passwd.org_dir in the specified domain. This
option is for nisplus repositories only. If not
specified, the default domain is returned.
-e shell Modify the default shell for the user's login name in
the password file. If the shell is not provided, the
user will be prompted to enter the default login shell.
-F name The default password file is /etc/passwd. The -F
option can be used to choose an alternate password
file, where read and write permissions are required.
This option is only available using the files
repository, and it is not intended for trusted mode.
-g Change the gecos information in the password file,
which is used by the finger command. The user is
prompted for each subfield: name, location, work phone,
and home phone.
-r repository Specify the repository to which the operation is to be
applied. Supported repositories include files, nis,
nisplus, and dce. If repository is not specified, the
default is files.
-s name Display some password attributes associated with the
specified name. Superuser privilege and non-trusted
mode is required if the files repository is specified.
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003
For nisplus, there are no restrictions.
The format of the display will be:
name status mm/dd/yy min max warn
or, if password aging information is not present
where status means: PS =passworded; LK =locked; and NP
-a Display some password attributes for all users in the
password file. The -a option must be used in
conjunction with the -s option, with no name specified.
For nisplus, this will display entries in the NIS+
passwd table in the local domain. For files, this is
restricted to superuser, and is only valid in nontrusted
mode. For a more complete display of
attributes use the command logins -x .
Privileged User Options [Toc] [Back]
A superuser can modify characteristics associated with the user name
using the following options:
-d Allow user to login without a password by deleting it.
In untrusted mode this unlocks/activates the user
account if found locked/deactivated.
-f Force user to change password upon next login by
expiring the current password.
-h Modify the default home directory in the password file.
-l Lock user account. In untrusted mode this replaces the
encrypted password with *.
-n min Determine the minimum number of days, min, that must
transpire before the user can change the password. If
the -f option was used in a previous invocation of
passwd to immediately expire a password, the effect of
the -f option is cancelled. The effect of the -f
option is not cancelled if the -x option and -f option
are specified on the same command line or if the system
has been converted to a trusted system.
-w warn Specify the number of days, warn, prior to the password
expiring when the user will be notified that the
password needs to be changed. This option is not
allowed for systems in non-shadowed standard mode.
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: August 2003
-x max Determine the maximum number of days, max, a password
can remain unchanged. The user must enter another
password after that number of days has transpired,
known as the password expiration time. If the -f
option was used in a previous invocation of passwd to
immediately expire a password, the effect of the -f
option is cancelled, and the password will not expire
until max days. The effect of the -f option is not
cancelled if the -x option and the -f option are
specified on the same command line or if the system has
been converted to a trusted system.
The min and max arguments are each represented in units of days.
These arguments will be rounded up to the nearest week on a nontrusted
HP-UX system. If the system is then converted to a trusted system,
the number of days will be based on those weeks. If only one of the
two arguments is supplied, and the other argument does not exist, then
the number of days is set to zero.
Password Aging [Toc] [Back]
The following description applies to all repositories except nis,
which does not support password aging.
The system requires a minimum time to elapse before a password can be
changed. This prevents reuse of an old password within too brief a
period of time. System warnings are displayed as the expiration time
A password is no longer usable after a time period known as the
password lifetime. After the lifetime passes, the account is locked
until it is re-enabled by a system administrator. Once unlocked, the
user is forced to change the password before using the account.
The -n min and -x max arguments are each represented in units of days.
These arguments are rounded up to the nearest week on a standard
system. If only one of the two arguments is supplied and the other
argument does not exist, then the number of days is set to zero.
Default values may be set in the /etc/default/security file for the -n
min, -x max, and -w warn options. See security(4). The parameters to
select password aging defaults are:
PASSWORD_MINDAYS [Toc] [Back]
PASSWORD_MAXDAYS [Toc] [Back]
PASSWORD_WARNDAYS [Toc] [Back]
Password Construction Requirements [Toc] [Back]
Passwords must be constructed to meet the following requirements:
Hewlett-Packard Company - 4 - HP-UX 11i Version 2: August 2003
+ On an untrusted system, only the first eight characters of a
password are significant.
+ On an untrusted system, passwords of non-root users must have at
least six characters. On a trusted system, passwords of all
users must have at least six characters. This restriction on the
password length can be increased to a value larger than six.
Refer to the security(4) manual page for detailed information on
configurable parameters that affect the behavior of this command.
The parameter to select the minimum password length is
MIN_PASSWORD_LENGTH [Toc] [Back]
+ Characters must be from the 7-bit US-ASCII character set; letters
from the English alphabet.
+ A password must contain at least two letters and at least one
numeric or special character.
+ A password must differ from the user's login name and any reverse
or circular shift of that login name. For comparison purposes,
an uppercase letter and its corresponding lowercase equivalent
are treated as identical.
+ A new password must differ from the old one by at least three
characters (one character for non super user if changed by the
super user in a trusted system).
Repository Configuration [Toc] [Back]
The /etc/nsswitch.conf file specifies the repositories for which the
password must be modified. The following configurations are
+ passwd: files
+ passwd: files nisplus
+ passwd: files nis
+ passwd: compat (--> files nis)
+ passwd: compat (--> files nisplus)
+ passwd_compat: nisplus
Smart Card Login [Toc] [Back]
If the user account is configured to use a Smart Card, the user
password is stored in the card. This password has characteristics
identical to a normal password stored on the system.
Hewlett-Packard Company - 5 - HP-UX 11i Version 2: August 2003
The Smart Card must be inserted into the Smart Card reader. The user
is prompted for a PIN instead of a password during authentication.
The password is retrieved automatically from the Smart Card when a
valid PIN is entered. Therefore, it is not necessary to know the
password, only the PIN.
If the system retrieves a valid old password from the card, a new
password is requested (twice). If the new password meets all
requirements, the system automatically overwrites the old password
stored on the card with the new password.
Therefore, the new dialog resembles:
Re-enter new password:
A Smart Card account can be shared among users. If one user modifies
the password, other users must use the scsync command to write the new
password onto their cards.
The scpin command is used to change the Smart Card PIN.
SECURITY FEATURES [Toc] [Back]
This section applies only to trusted systems. It describes additional
capabilities and restrictions.
When passwd is invoked on a trusted system, the existing password is
requested (if one is present). This initiates the password
solicitation dialog which depends upon the type of password generation
(format policy) that has been enabled on the account doing the passwd
command. There are four possible options for password generation:
Random syllables A pronounceable password made up of
Random characters An unpronounceable password made up of
random characters from the character
Random letters An unpronounceable password made up of
random letters from the alphabet.
User-supplied A user-supplied password, subject to
length and triviality restrictions.
Passwords can be greater than eight characters, but it is recommended
that they be less than 40 characters. System warnings are displayed
Hewlett-Packard Company - 6 - HP-UX 11i Version 2: August 2003
if passwords lengths are either too long or short. The system
administrator can specify a maximum password length guideline for the
system generated options (random syllables, random characters, and
random letters). The actual maximum password length depends upon
several parameters in the authentication database and in the
The system requires a minimum time to elapse before a password can be
changed. This prevents reuse of an old password within an undesirable
period of time.
A password expires after a period of time known as the expiration
time. System warnings are displayed as expiration time approaches.
A password dies after a time period known as the password lifetime.
After the lifetime passes, the account is locked until it is reenabled
by a system administrator. Once unlocked, the user is forced
to change the password before account use.
The system administrator can enable accounts without passwords. If a
user account is allowed to function without a password, the user can
choose a null password by typing a carriage-return when prompted for a
The system administrator can enable the password history feature to
discourage users from reusing previously used passwords. Refer to the
security(4) manual page for detailed information on configurable
parameters that affect the behavior of this command. The parameter
for password history is:
PASSWORD_HISTORY_DEPTH [Toc] [Back]
EXTERNAL INFLUENCES [Toc] [Back]
International Code Set Support
Characters from single-byte character code sets are supported in
EXAMPLES [Toc] [Back]
Change the password expiration date of user to 42 days in the files
passwd -r files -x 42 user
Modify the minimum time between password changes of user1 to 7 days in
the nisplus repository:
passwd -r nisplus -n 7 user1
Force user2 to establish a new password on the next login which will
expire in 70 days and prohibit the user from changing the password
until 7 days have transpired:
Hewlett-Packard Company - 7 - HP-UX 11i Version 2: August 2003
passwd -r files -f -x 70 -n 7 user2
DEPENDENCIES [Toc] [Back]
Pluggable Authentication Modules (PAM)
PAM is an Open Group standard for user authentication, password
modification, and account validation. In particular, pam_chauthtok()
is invoked to perform all functions related to passwd. This includes
establishing and changing a password, using passwd options, and
displaying error messages.
WARNINGS [Toc] [Back]
Avoid password characters which have special meaning to the tty
driver, such as # (erase) and @ (kill). You may not be able to login
with these characters.
Multiple superusers are allowed, but are strongly discouraged. That
is because the system often stores user ID rather than user name.
Having unique IDs for all users will guarantee a consistent mapping
between user name and user ID.
FILES [Toc] [Back]
/etc/passwd Standard password file used by HPUX.
/etc/shadow Shadow password file.
/tcb/files/auth/*/* Protected password database used
when system is converted to trusted
/etc/nsswitch.conf Repository Configuration.
/etc/default/security Security defaults configuration
SEE ALSO [Toc] [Back]
chfn(1), id(1), login(1), su(1), logins(1M), pwconv(1M), getuid(2),
crypt(3C), passwd(4), security(4), shadow(4), auth(5), auth.adm(1M),
Managing Systems and Workgroups
Pluggable Authentication Modules (PAM) [Toc] [Back]
pam_chauthtok(3), pam(3), pam.conf(4), pam_user.conf(4).
HP-UX Smart Card Login [Toc] [Back]
STANDARDS CONFORMANCE [Toc] [Back]
passwd: SVID2, SVID3, XPG2
Hewlett-Packard Company - 8 - HP-UX 11i Version 2: August 2003 [ Back ]