passwd(1) UNIX System V(Essential Utilities) passwd(1)
NAME
passwd - change login password and password attributes
SYNOPSIS
passwd [ name ]
passwd [ -l | -d ] [ -f ] [ -n min ] [ -x max ] [ -w warn ] name
passwd -s [ -a ]
passwd -s [ name ]
DESCRIPTION
The passwd command changes the password or lists password attributes
associated with the user's login name. Additionally, privileged users
may use passwd to install or change passwords and attributes associated
with any login name.
When used to change a password, passwd prompts ordinary users for their
old password, if any. It then prompts for the new password twice. When
the old password is entered, passwd checks to see if it has aged
sufficiently. If aging is insufficient, passwd terminates; see shadow(4).
If the user's password aging has not been turned on, then password aging
is turned on for the user using the MAXWEEKS and MINWEEKS parameters in
/etc/default/passwd. If password aging is already turned on, the password
aging information in /etc/shadow remains unmodified.
Assuming aging is sufficient, a check is made to ensure that the new
password meets construction requirements. When the new password is
entered a second time, the two copies of the new password are compared.
If the two copies are not identical, the cycle of prompting for the new
password is repeated at most two more times.
Passwords must be constructed to meet the following requirements:
     Each password must have at least PASSLENGTH characters, as set in
     /etc/default/passwd. PASSLENGTH must be at least six, but only
     the first eight characters of a password are significant.

     Each password must contain at least two alphabetic characters and
     at least one numeric or special character. In this case,
     alphabetic refers to all upper or lower case letters.

     Each password must differ from the user's login name and any
     reverse or circular shift of that login name. For comparison
     purposes, an upper case letter and its corresponding lower case
     letter are equivalent.

     New passwords must differ from the old by at least three
     characters. For comparison purposes, an upper case letter and its
     corresponding lower case letter are equivalent.
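The four construction requirements above can be expressed as a checker. This is an added example, not the passwd source: the function names, the PASSLENGTH value of 6, the position-by-position reading of "differ by at least three characters", and applying the character-class and old/new checks to the first eight characters only are all assumptions of the example.

```python
# Added illustration of the construction rules listed above; this is not the
# passwd source. PASSLENGTH = 6 is an assumed /etc/default/passwd setting.
PASSLENGTH = 6
SIGNIFICANT = 8  # only the first eight characters are significant


def is_login_variant(password, login):
    """True if password is the login name, its reverse, or a circular shift
    of it, with upper and lower case treated as equivalent."""
    p, l = password.lower(), login.lower()
    if not l or len(p) != len(l):
        return False
    return p in l + l or p == l[::-1]


def differing_positions(old, new):
    """Count character positions at which old and new differ, ignoring case;
    any length difference counts too. Comparing position by position is this
    example's reading of 'differ by at least three characters'."""
    o, n = old.lower(), new.lower()
    same = sum(1 for a, b in zip(o, n) if a == b)
    return max(len(o), len(n)) - same


def check_new_password(login, old, new, passlength=PASSLENGTH):
    """Return the list of rules that new violates (empty list = acceptable).
    Character-class and old/new checks look only at the significant prefix,
    an assumption made here so that changes past it do not count."""
    old_sig, new_sig = old[:SIGNIFICANT], new[:SIGNIFICANT]
    problems = []
    if len(new) < passlength:
        problems.append("length")
    letters = sum(1 for c in new_sig if c.isascii() and c.isalpha())
    if letters < 2 or len(new_sig) - letters < 1:
        problems.append("classes")
    if is_login_variant(new, login):
        problems.append("login")
    if differing_positions(old_sig, new_sig) < 3:
        problems.append("similar")
    return problems
```

Because only the first eight characters are significant, a change confined to the ninth character onward is reported here as "similar", and a digit placed in the ninth position does not satisfy the character-class rule.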
10/89 Page 1
Privileged users (for example, real and effective uid equal to zero; see
id(1M) and su(1M)) may change any password; hence, passwd does not prompt
privileged users for the old password. Privileged users are not forced
to comply with password aging and password construction requirements. A
privileged user can create a null password by entering a carriage return
in response to the prompt for a new password. (This differs from passwd
-d because the password prompt will still be displayed.)
Any user may use the -s option to show password attributes for his or her
own login name.
The format of the display will be:
     name status mm/dd/yy min max warn
or, if password aging information is not present,
     name status
where
     name      The login ID of the user.
     status    The password status of name: PS stands for passworded or
               locked, LK stands for locked, and NP stands for no password.
     mm/dd/yy  The date password was last changed for name. (Note that all
               password aging dates are determined using Greenwich Mean Time
               and, therefore, may differ by as much as a day in other time
               zones.)
     min       The minimum number of days required between password changes
               for name. MINWEEKS is found in /etc/default/passwd and is set
               to 0.
     max       The maximum number of days the password is valid for name.
               MAXWEEKS is found in /etc/default/passwd and is set to 0.
     warn      The number of days relative to max before the password
               expires that the name will be warned.
Only a privileged user can use the following options:
     -l   Lock password entry for name.
     -d   Delete password for name. The login name will not be prompted
          for password.
     -n   Set minimum field for name. The min field contains the minimum
          number of days between password changes for name. If min is
          greater than max, the user may not change the password. Always
          use this option with the -x option, unless max is set to -1
          (aging turned off). In that case, min need not be set.
     -x   Set maximum field for name. The max field contains the number
          of days that the password is valid for name. The aging for
          name will be turned off immediately if max is set to -1.
          (Aging will be turned on again if the password is changed.) If
          it is set to 0, then aging is turned off.
     -w   Set warn field for name. The warn field contains the number of
          days before the password expires that the user will be warned.
     -a   Show password attributes for all entries. Use only with -s
          option; name must not be provided.
     -f   Force the user to change password at the next login by expiring
          the password for name.
FILES
/etc/shadow, /etc/passwd, /etc/oshadow
SEE ALSO
login(1)
crypt(3C) in the Programmer's Reference Manual
useradd(1M), usermod(1M), userdel(1M), id(1M), passmgmt(1M), pwconv(1M),
su(1M), passwd(4), shadow(4) in the System Administrator's Reference
Manual
DIAGNOSTICS
The passwd command exits with one of the following values:
0 SUCCESS.
1 Permission denied.
2 Invalid combination of options.
3 Unexpected failure. Password file unchanged.
4 Unexpected failure. Password file(s) missing.
5 Password file(s) busy. Try again later.
6 Invalid argument to option.
WARNING
If root deletes a password for a user with the passwd -d command and
password aging is in effect for that user, the user will not be allowed
to add a new password until the null password has been aged. This is
true even if the PASSREQ flag in /etc/default/login is set to YES. This
results in a user without a password. It is recommended that the -f
option be used whenever the -d (delete) option is used. This will force
a user to change the password at the next login.
If a user is to be set up without a password, the password entry of the
user must be absent from the /etc/shadow file. (When a user has no
password, passwd -s user should return NP.)
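The -s display format, the -n and -x rules, and the WARNING above combine into a simple account audit. This is an added example, not part of passwd: the sample report lines are constructed, and the finding labels and function names are assumptions of the example.

```python
# Added example: audits constructed `passwd -s -a` output; not part of passwd.
SAMPLE = """\
root PS 10/02/89 0 84 7
guest NP
ops NP 09/30/89 14 28 7
build PS 08/01/89 30 14 7
svc PS
lp LK
"""  # constructed lines in the two display formats described above


def audit_line(line):
    """Return (name, findings) for one `passwd -s` display line."""
    fields = line.split()
    if len(fields) < 2 or fields[1] not in ("PS", "LK", "NP"):
        raise ValueError("unrecognised passwd -s line: %r" % line)
    name, status, aging = fields[0], fields[1], fields[2:]
    findings = []
    if status == "NP":
        findings.append("no-password")
    if len(aging) < 3:
        # Short form "name status": no password aging information present.
        if status != "LK":
            findings.append("no-aging-info")
        return name, findings
    min_days, max_days = int(aging[1]), int(aging[2])
    if max_days in (-1, 0):
        findings.append("aging-off")  # -x -1 or -x 0 turns aging off
    elif min_days > max_days:
        findings.append("min-gt-max")  # user may not change the password
    if status == "NP" and max_days > 0:
        # WARNING case: the null password must age before one can be set.
        findings.append("null-password-under-aging")
    return name, findings


def audit(report):
    """Map each login name with at least one finding to its findings."""
    results = {}
    for line in report.splitlines():
        if line.strip():
            name, findings = audit_line(line)
            if findings:
                results[name] = findings
    return results
```

An account reported as null-password-under-aging is the case the WARNING describes, where using -f together with -d is the recommended remedy.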