*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> nispasswd (1)              


 nispasswd(1)                                                   nispasswd(1)

 NAME    [Toc]    [Back]
      nispasswd - change NIS+ password information

 SYNOPSIS    [Toc]    [Back]
      nispasswd [ -ghs ] [ -D domainname ] [ username ]

      nispasswd -a

      nispasswd -D domainname ] [ -d [ username ] ]

      nispasswd [ -l ] [ -f ] [ -n min ] [ -x max ] [ -w warn ]
      [ -D domainname ] username

 DESCRIPTION    [Toc]    [Back]
      nispasswd changes a password, gecos (finger) field (-goption), home
      directory (-hoption), or login shell (-soption) associated with the
      username (invoker by default) in the NIS+ passwd table.

      Additionally, the command can be used to view or modify aging
      information associated with the user specified if the invoker has the
      right NIS+ privileges.

      nispasswd uses secure RPC to communicate with the NIS+ server, and
      therefore, never sends unencrypted passwords over the communication

      nispasswd does not read or modify the local password information
      stored in the /etc/passwd file.

      When used to change a password, nispasswd prompts non-privileged users
      for their old password. It then prompts for the new password twice to
      forestall typing mistakes. When the old password is entered, nispasswd
      checks to see if it has aged sufficiently.  If aging is insufficient,
      nispasswd terminates; see getpwent(3C).

      The old password is used to decrypt the username's secret key.  If the
      password does not decrypt the secret key, nispasswd prompts for the
      old secure-RPC password.  It uses this password to decrypt the secret
      key.  If this fails, it gives the user one more chance.  The old
      password is also used to ensure that the new password differs from the
      old by at least three characters.  Assuming aging is sufficient, a
      check is made to ensure that the new password meets construction
      requirements described below. When the new password is entered a
      second time, the two copies of the new password are compared. If the
      two copies are not identical, the cycle of prompting for the new
      password is repeated twice. The new password is used to re-encrypt the
      user's secret key.  Hence, it also becomes their secure-RPC password.

      Passwords must be constructed to meet the following requirements:

 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003

 nispasswd(1)                                                   nispasswd(1)

           + Each password must have at least six characters. Only the first
             eight characters are significant.

           + Each password must  contain  at  least  two  alphabetic
             characters  and at least one numeric or special character.  In
             this case, "alphabetic" refers to all upper or lower case

           + Each password must differ from the  user's  login username and
             any  reverse or circular shift of that login username.  For
             comparison purposes, an upper case letter  and  its
             corresponding lower case letter are equivalent.

           + New passwords must differ from  the  old  by  at  least three
             characters.  For  comparison purposes, an upper case letter and
             its corresponding lower case letter are equivalent.

      Network administrators, who own the NIS+ password table, may change
      any password attributes if they establish their credentials (see
      keylogin(1)) before invoking nispasswd.  Hence, nispasswd does not
      prompt these privileged-users for the old password and they are not
      forced to comply with password aging and password construction

      Any user may use the -d option to display password attributes for his
      or her own login name.  The format of the display will be:

           username status mm/dd/yy min max warn

      or, if password aging information is not present,

           username status


      username    The login ID of the user.

      status      The password status of username: "PS" stands for password
                  exists or locked, "LK" stands for locked, and "NP" stands
                  for no password.

      mm/dd/yy    The date password was last changed for username.  (Note
                  that all password aging dates are determined using
                  Greenwich Mean Time and, therefore, may differ by as much
                  as a day in other time zones.)

      min         The minimum number of days required between password
                  changes for username.

      max         The maximum number of days the password is valid for

 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003

 nispasswd(1)                                                   nispasswd(1)

      warn        The number of days relative to max before the password
                  expires that the username will be warned.

    Options    [Toc]    [Back]
      -g             Change the gecos (finger) information.

      -h             Change the home directory.

      -s             Change the login shell.  By default, only the NIS+
                     administrator can change the login shell.  User will be
                     prompted for the new login shell.

      -a             Show the password attributes for all entries.  This
                     will show only the entries in the NIS+ passwd table in
                     the local domain that the invoker is authorized to

      -d [username]  Display password attributes for the caller or the user
                     specified if the invoker has the right privileges.

      -l             Locks the password entry for username.  Subsequently,
                     login(1) would disallow logins with this NIS+ password

      -f             Force the user to change password at the next login by
                     expiring the password for username.

      -n min         Set minimum field for username. The min field contains
                     the minimum number of days between password changes for
                     username. If min is greater than max, the user may not
                     change the password. Always use this option with the -x
                     option, unless max is set to -1 (aging turned off). In
                     that case, min need not be set.

      -x max         Set maximum field for username. The max field contains
                     the number of days that the password is valid for
                     username. The aging for username will be turned off
                     immediately if max is set to -1. If it is set to 0,
                     then the user is forced to change the password at the
                     next login session and aging is turned off.

      -w warn        Set warn field for username. The warn field contains
                     the number of days before the password expires that the
                     user will be warned whenever he or she attempts to log

      -D domainname  Consult the passwd.org_dir table in domainname. If this
                     option is not specified, the default domainname
                     returned by nis_local_directory() will be used. This
                     domainname is the same as that returned by

 Hewlett-Packard Company            - 3 -   HP-UX 11i Version 2: August 2003

 nispasswd(1)                                                   nispasswd(1)

    Notes    [Toc]    [Back]
      The login program, file access display programs (for example, 'ls -l')
      and network programs that require user passwords (for example,
      rlogin(1), ftp(1), etc.) use the standard getpwent(3C) interface to
      get password information. These programs will get the NIS+ password
      information, which is modified by nispasswd, only if the passwd: entry
      in the /etc/nsswitch.conf file includes nisplus.  See nsswitch.conf(4)
      for more details.

 RETURN VALUE    [Toc]    [Back]
      The nispasswd command exits with one of the following values:

           0    SUCCESS.

           1    Permission denied.

           2    Invalid combination of options.

           3    Unexpected failure.  NIS+ passwd table unchanged.

           4    NIS+ passwd table missing.

           5    NIS+ is busy.  Try again later.

           6    Invalid argument to option.

           7    Aging is disabled.

 WARNINGS    [Toc]    [Back]
      HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is

      LDAP is the recommended replacement for NIS+.  HP fully supports the
      industry standard naming services based on LDAP.

 AUTHOR    [Toc]    [Back]
      nispasswd was developed by Sun Microsystems, Inc.

 SEE ALSO    [Toc]    [Back]
      keylogin(1), login(1), nis+(1), nistbladm(1), passwd(1),
      domainname(1), getpwent(3C), nsswitch.conf(4), passwd(4).

 Hewlett-Packard Company            - 4 -   HP-UX 11i Version 2: August 2003
[ Back ]
 Similar pages
Name OS Title
chage Linux change user password expiry information
yppasswd Tru64 change password in Network Information Service (NIS)
yppasswd HP-UX change login password in Network Information System (NIS)
passwd IRIX change login password and password attributes
yppasswd Tru64 Update user password in Network Information Service (NIS) password map.
smbpasswd.8 IRIX change a user's SMB password
yppasswd IRIX change NIS login password
yppasswd Linux change your password in the NIS database
dpasswd Linux change dialup password
passwd Linux change user password
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service