| 
        passwd, chfn, chsh - Changes password file information
        passwd [-f  | -s] [username]
       passwd  -q  [username]
       passwd  -q  -a
       chfn [username]
       chsh [username]
       Displays the password attributes of all users. This option
       may only be used with the -q option and you must be  root.
       Invokes  the  chfn command when given with the passwd command.
  Displays the password status of PS if the user  has
       a  password, LK if the user has an administrative lock, or
       NP if the user has no password.  Users other than root may
       only use the -q option on themselves. If a username is not
       specified, the password status of the current username  is
       displayed.   Invokes  the chsh command when given with the
       passwd command.  Prompts the user to change their  general
       user  information, such as full name, office phone, office
       number, and  home  phone  number.  Phone  numbers  can  be
       entered  with  or without dashes.  Included in each prompt
       is a default value enclosed in [ ] (brackets).  Press  the
       Enter key to accept the default value or enter a new value
       or the word none to leave a  field  blank  and  press  the
       Enter key.
              To  display  general  information for a user, enter
              the finger username command.
              A superuser can change any user's general  information;
  other users can only change their own. Superusers
 can also run the account  management  interfaces,
 dxaccounts, and usermod to modify passwords.
              Prompts the user to change the login shell. The new
              login  shell  must  be  one  of the approved shells
              listed in the  /etc/shells  file  unless  you  have
              superuser privileges.  If the /etc/shells file does
              not exist, the only shells that  can  be  specified
              are /usr/bin/sh and /usr/bin/csh. If you abbreviate
              the shell name, the first entry in the  /etc/shells
              file  that  matches the shell abbreviation is used.
              For example, if  you  specify  ksh,  and  both  the
              /bin/ksh   and   /usr/bin/ksh  shells  are  in  the
              /etc/shells file, the shell is changed to the shell
              that is listed.
              A  superuser  can  change  any  user's login shell;
              other users can only change their own.
       The passwd command changes the  password  associated  with
       your username (by default) or the specified username.
       A password must have at least six characters and can be up
       to eight characters. If you enter more than eight  characters
  when creating a password, the passwd command ignores
       any characters after the eighth.  A password  can  include
       digits,  symbols, and the letters of your alphabet.  It is
       strongly suggested that you include  unusual  punctuation,
       control  characters,  or  digits  in your password. Use of
       only lowercase letters is discouraged.
       This passwd command uses the Security  Integration  Architecture
 (SIA) routine as an interface to the security modules.
 When entering the passwd command, a user  is  either
       prompted  for  password information or a menu is displayed
       from which the user chooses a password to change. The menu
       is displayed if the user's name is recognized by more than
       one registered security module in the SIA.
       When using the menu, users can synchronize all their passwords
 at once to the same new password. However, passwords
       of all security mechanisms must already  be  same  at  the
       start  of  the  synchronizing process. If the password for
       each security mechanisms is different,  users  must  first
       change them individually to be the same.
       If  your  system  is configured into a Kerberos realm, you
       can use the passwd command to change your  Kerberos  password
  because  Kerberos is a registered security module in
       the SIA.
       If a user's passwords are not synchronized  and  they  are
       operating in a Kerberos realm and need to use the Kerberos
       enhancement commands, such as rsh, rlogin, and  rcp,  then
       they  must  first enter the kinit command to obtain a Kerberos
 Ticket Granting Ticket (TGT).
   ENHANCED SECURITY    [Toc]    [Back]
       Under enhanced security  the  passwd  -q  command  gathers
       information from the enhanced security password and system
       defaults databases, and displays the data as follows: name
       status date min_change max_change
       The  status  field is PS if the user has a password, LK if
       the user has an administrative lock, or NP if the user has
       no  password.  The  date is the day of the last successful
       password change in mm/dd/yy format.
       The min_change field is the period in days, measured  from
       the date of last password change, which must pass before a
       user can change his user account password. A value  of   0
       means  the  password  may  be  changed  at  any  time. The
       max_change field is the period in days, measured from  the
       date  of  last  password change, for which the password is
       valid. Adding this value to  the  date  of  last  password
       change  gives the date at which the password expires and a
       change will be required.  A value  of  0  means  that  the
       password will never expire.
       When  you  use  the  passwd command with enhanced security
       installed, the system prompts for the  existing  password,
       and  begins a password solicitation dialog that depends on
       the options for password generation the administrator  has
       enabled   for  your  account.   There  are  four  possible
       options: A pronounceable password made up  of  meaningless
       syllables.   An unpronounceable password made up of random
       characters from the  character  set.   An  unpronounceable
       password  made  up of random letters from the alphabet.  A
       user specified password, which is subject  to  length  and
       triviality restrictions.
       A maximum length is specified for all user passwords.  The
       minimum password length depends on several parameters  set
       in the authentication databases.
       The  system  requires  a minimum time to elapse before you
       can change your password.  This stops you from reusing  an
       old password too soon.
       A  password  expires  after  a period of time known as the
       expiration time. The system warns you when the  expiration
       time is drawing near.
       A  password dies after a period of time known as the password
 lifetime. After the lifetime passes, your account  is
       locked  until the administrator re-enables it.  After your
       user account is unlocked, you must  change  your  password
       again before you can use your account.
       When  you  successfully type your old password, the system
       prints  the  last  successful  and  unsuccessful  password
       change  times.   Make  sure that these times are accurate;
       use them to detect attempted password changes by an  unauthorized
 user.
       You  can change your own password if the administrator has
       enabled any of the password generation  options  for  your
       account.
       Using  the  passwd command to reset a user's password does
       not unlock the user's account if the account is locked for
       a reason other than an expired password.
       If  a  password longer than 8 characters was entered under
       base security and then enhanced security is installed, you
       must use only the first 8 characters of the original password.
  This is because base security only used the first 8
       characters  of  the  password and the enhanced password is
       created from the base password.
       To change your password, enter: $ passwd
              You are prompted  for  your  old  password  (if  it
              exists).   You  are then prompted twice for the new
              password.   To  change  general  user  information,
              enter: $ chfn
              The  current  user values are displayed.  Press the
              Enter key to accept the default value  or  enter  a
              new  value or the word none to leave a field blank,
              and press the Enter key.  Name  [User  Name]:  Room
              Number  [3A-41]:  4A-43 Office Phone [3-1234]: Home
              Phone [555-1234]:  To  change  only  your  Kerberos
              password when your system is configured into a Kerberos
 realm, enter: $ passwd
              The following menu is displayed: You are registered
              with the following security mechanisms
              1   Kerberos  2  BSD 3  Synchronized update for the
              above-listed mechanisms
              [Default selection:  3]
              Select ONE item by number: 1
              You have selected: Kerberos
              Old Kerberos password: New Kerberos password:  Verify
 Kerberos password:
       Contains  user  information.  The list of approved shells.
       Provides the matrix that selects the appropriate installed
       security  module.  Enhanced security password database for
       system accounts.  Enhanced security password database  for
       user   accounts.    Enhanced  security's  system  defaults
       database.
       Commands:  finger(1),  kinit(1),  kdestroy(1),   klist(1),
       login(1), vipw(8), dxaccounts(8), usermod(8)
       Files:  matrix.conf(4), prpasswd(4), passwd(4)
       Guides: Security Administration
                                                        passwd(1)
[ Back ] |