*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->IRIX man pages -> passwd (1)              
Title
Content
Arch
Section
 

Contents


PASSWD(1)							     PASSWD(1)


NAME    [Toc]    [Back]

     passwd - change login password and	password attributes

SYNOPSIS    [Toc]    [Back]

     passwd [ name ]

     passwd [ -l | -d ]	[ -n min ] [ -f	] [ -x max ] [ -w warn ] name

     passwd -s [ -a ]

     passwd -s [ name ]

DESCRIPTION    [Toc]    [Back]

     The passwd	command	changes	the password or	lists password attributes
     associated	with the user's	login name.  Additionally, super-users may use
     passwd to install or change passwords and attributes associated with any
     login name.  Passwords for	NIS entries that don't override	the passwd
     field with	a local	value must be changed with yppasswd(1).

     When used to change a password, passwd prompts ordinary users for their
     old password, if any.  It then prompts for	the new	password twice.	The
     first time	the new	password is entered passwd checks to see if the	old
     password has ``aged'' sufficiently. (Aging	is not supported for NIS
     entries, even if they have	locally	overridden passwords.)	Password
     "aging" is	the amount of time (usually a certain number of	days) that
     must elapse between password changes.  If ``aging'' is insufficient the
     new password is rejected and passwd terminates;  see passwd(4).

     Assuming ``aging''	is sufficient, a check is made to insure that the new
     password meets construction requirements.	When the new password is
     entered a second time, the	two copies of the new password are compared.
     If	the two	copies are not identical the cycle of prompting	for the	new
     password is repeated for at most two more times.

     Passwords must be constructed to meet the following requirements:

	  Each password	must have at least six characters.  Only the first
	  eight	characters are significant.

	  Each password	must contain at	least two alphabetic characters	and at
	  least	one numeric or special character.  In this case,
	  ``alphabetic'' means upper and lower case letters.

	  Each password	must differ from the user's login name and any reverse
	  or circular shift of that login name.	 For comparison	purposes, an
	  upper	case letter and	its corresponding lower	case letter are
	  equivalent.

	  New passwords	must differ from the old by at least three characters.
	  For comparison purposes, an upper case letter	and its	corresponding
	  lower	case letter are	equivalent.




									Page 1






PASSWD(1)							     PASSWD(1)



     One whose effective user ID is zero is called a super-user; see id(1),
     and su(1).	 Super-users may change	any password; hence, passwd does not
     prompt super-users	for the	old password.  Super-users are not forced to
     comply with password aging	and password construction requirements.	 A
     super-user	can create a null password by entering a carriage return in
     response to the prompt for	a new password.	 (This differs from passwd -d
     because the "password" prompt will	still be displayed.)

     Any user may use the -s option to show password attributes	for his	or her
     own login name.

     The format	of the display will be:

	  name status uid gid directory	shell mm/dd/yy min max

     or, if password aging information is not present,

	  name status uid gid directory	shell

     or, if the	entry is from NIS,

	  name status directory	shell

     where

     name	 The login ID of the user.

     status	 The password status of	name: "PS" stands for passworded or
		 locked, "LK" stands for locked, and "NP" stands for no
		 password.

     uid	 Numerical user	ID

     gid	 Numerical group ID

     directory	 Initial working directory

     shell	 program to use	as Shell when the user logs in.

     mm/dd/yy	 The date password was last changed for	name.  (Because	all
		 password aging	dates are determined using Greenwich Mean Time
		 and /etc/passwd stores	the information	in weeks, the date may
		 differ	by as much as a	week depending upon the	local time
		 zone.)

     min	 The minimum number of days required between password changes
		 for name.

     max	 The maximum number of days the	password is valid for name.






									Page 2






PASSWD(1)							     PASSWD(1)



     Only a super-user can use the following options:

     -l	       Locks password entry for	name, preventing all logins to that
	       account,	except via the rhosts(4) mechanism.  Note that this
	       feature allows a	denial of service attack that may require
	       booting from the	miniroot to fix, as even the root accounts can
	       be locked out.

     -d	       Deletes password	for name.  The login name will not be prompted
	       for password.

     -n	       Set minimum field for name.  The	min field contains the minimum
	       number of days between password changes for name.  If min is
	       greater than max, the user may not change the password.	Always
	       use this	option with the	-x option, unless max is set to	-1 or
	       0 (aging	turned off).  In that case, min	need not be set.

     -x	       Set maximum field for name.  The	max field contains the number
	       of days that the	password is valid for name.  The aging for
	       name will be turned off immediately if max is set to -1.	 If it
	       is set to 0, then the user is forced to change the password at
	       the next	login session and aging	is turned off.	If max is less
	       than min, only the super-user can change	this user's password.

     -a	       Show password attributes	for all	entries.  Use only with	-s
	       option; name must not be	provided.

     -f	       Force the user to change	password at the	next login by expiring
	       the password for	name.

     -w	       The warn	argument indicates the number of days before the
	       password	expires	that the user is warned.  This option is
	       supported only when the shadow passwords	are in use.

     The behavior of the program is influenced by the content of
     /etc/default/passwd if this file exists. The file is not supplied with
     the system, but may be locally created and	modified as need be.  If the
     file is not present, the default behaviors	described below	are followed.
     The following items are recognized:

     HISTORYCNT=n
	  the number of	previous passwords to retain in	/etc/passwd.history
	  for each system user.	 The default behavior is to not	retain any
	  (and to not create the file).	 Previously used passwords found in
	  the history file may not be reused until HISTORYCNT other passwords
	  have been used, or HISTORYDAYS have elapsed.	The superuser may
	  supply any password for a user, including previously used ones.
	  This superuser supplied password is retained in the history file.
	  The maximum value is 25.






									Page 3






PASSWD(1)							     PASSWD(1)



     HISTORYDAYS=n
	  the number of	days to	retain and check for previously	used
	  passwords.  The default behavior is to not retain any	(and to	not
	  create the history file).  The maximum value is 730 (approximately
	  two years).  If HISTORYCNT has not been specified and	this parameter
	  has been, HISTORYCNT is set to 25.  Smaller values of	HISTORYCNT may
	  be specified.

     MAXWEEKS=n
	  the maximum number of	weeks that the password	is valid.  The default
	  behavior is to not set a value.  This	is equivalent to the -x	XX
	  command line arguments.

     MINWEEKS=n
	  minimum number of weeks between password changes (part of password
	  aging).  The default behavior	is to not set a	value.	This is
	  equivalent to	the -n XX command line arguments.

     PASSGEN=/path
	  external program to be invoked to supply generated passwords.	 The
	  default behavior is to not have such a program.  The program is
	  invoked in lieu of getting a password	from the user.	The user must
	  select one of	the choices offered.  The superuser may	still supply
	  passwords, and is not	presented with the generated passwords.	 The
	  program must be specified as a full pathname (starts with /).	 It
	  should produce the passwords on separate lines with a	trailing new
	  line character on its	stdout which is	read by	passwd and presented
	  to the user.	Up to 20 generated passwords may be supplied by	the
	  program.  If it generates more than 20, an error message is printed
	  and no passwords are presented.  No generating programs are supplied
	  with the system.

     PASSLENGTH=n
	  minimum length of an acceptable password.  This defaults to 6, and
	  has a	maximum	value of 8.

     PASSWDVALIDATE=/path
	  external program to be invoked to validate a new password.  The
	  default behavior is to not have such a program.  The program is
	  invoked after	the basic validation steps discussed above. It must be
	  specified as a full pathname (starts with /).	 The program receives
	  the new password in the clear, with a	trailing new line, on its
	  standard input, which	is closed after	writing	this one line.	The
	  passwd program issues	a wait(2) and obtains the exit status of the
	  external validation program.	Exit status of 0 indicates the new
	  password is acceptable, all other status values indicate an error
	  and the new password is not accepted.	Passwords being	changed	by the
	  superuser are	not subject to this validation.	 No external
	  validation programs are supplied with	the system.






									Page 4






PASSWD(1)							     PASSWD(1)



     WARNWEEKS=n
	  number of weeks before password expiration to	begin warning the
	  user.	 The default behavior is to not	set a value.  This is
	  equivalent to	the -w XX comand line arguments.

NOTE    [Toc]    [Back]

     Aging does	not work with NIS entries, even	if the password	is locally
     overridden.

     The passwd	command	will silently delete commented lines (lines beginning
     with #) from /etc/passwd.

FILES    [Toc]    [Back]

     /etc/passwd, /etc/opasswd,	/etc/.pwd.lock,	/etc/shadow, /etc/oshadow,
     /etc/default/passwd, /etc/passwd.history

SEE ALSO    [Toc]    [Back]

      
      
     id(1M), login(1), su(1M).
     yppasswd(1) for NIS passwords.
     crypt(3C),	passwd(4), shadow(4).

DIAGNOSTICS    [Toc]    [Back]

     The passwd	command	exits with one of the following	values:

     0	       SUCCESS.

     1	       Permission denied.

     2	       Invalid combination of options.

     3	       File manipulation error.

     4	       Old password or shadow password file cannot be recovered.

     5	       Password	file(s)	busy.  Try again later.

     6	       Invalid argument	to option.

     7	       Unexpected failure.  Password file unchanged.

     8	       Unknown login name.

     9	       Password	aging is disabled.


									PPPPaaaaggggeeee 5555
[ Back ]
 Similar pages
Name OS Title
passwd HP-UX change login password and associated attributes
yppasswd IRIX change NIS login password
yppasswd HP-UX change login password in Network Information System (NIS)
pxfgetpwnam IRIX Gets password information about login name
yppasswd Linux change your password in the NIS database
nispasswd HP-UX change NIS+ password information
passwd Linux change user password
dpasswd Linux change dialup password
smbpasswd.8 IRIX change a user's SMB password
yppasswd Tru64 Update user password in Network Information Service (NIS) password map.
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service