Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ passwd(1) — Reliant UNIX 5.44c4

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

id(1)

login(1)

su(1)

makedict(1M)

passmgmt(1M)

pwconv(1M)

useradd(1M)

userdel(1M)

usermod(1M)

crypt(3C)

checkpasswd(4)

passwd(4)

shadow(4)

passwd(1)                                                         passwd(1)

NAME
     passwd - define or change login password and password attributes

SYNOPSIS
     passwd [option ...] [loginname]

DESCRIPTION
     The passwd command can be used to define a password for a login name
     or change an existing password in the /etc/shadow file. It can also be
     used to list or change specific password attributes.

     Any user may list the password attributes for his or her own login
     name. Ordinary users may change only the password and password attri-
     butes which correspond to their own login names. The system adminis-
     trator, on the other hand, can change the passwords and password
     attributes for all local login names.

     passwd prompts ordinary users (without system administrator privi-
     leges) for their old password, if one was defined.

     It then prompts for the new password to be entered. To avoid errors,
     the new password has to be entered twice. The passwords are not
     displayed on the screen as they are typed.

     When the old password is entered, passwd checks to see if it has
     "aged" sufficiently. If "aging" is insufficient, passwd terminates
     [see shadow(4)]. If no aging requirements have been defined for the
     user's password (options -n and -x), the default values MAXWEEK and
     MINWEEK from the /etc/default/passwd file are used [see
     defaultpasswd(4)]. If aging requirements have been defined, the cor-
     responding information in the /etc/shadow file remains unmodified.

     Assuming aging is sufficient, passwd checks that the new password has
     the correct format.

     A password

     -  must be at least PASSLENGTH characters long, as defined in the
        /etc/default/passwd file. PASSLENGTH has a minimum value of six
        characters. passwd always evaluates only the first eight characters
        of a password, even if PASSLENGTH is greater than eight.

     -  must contain at least two alphabetic characters and at least one
        numeric or special character. The alphabetic characters may be
        entered in uppercase or lowercase.










Page 1                       Reliant UNIX 5.44                Printed 11/98

passwd(1)                                                         passwd(1)

     -  must differ from the user's login name and any reverse or circular
        shift of that login name. For comparison purposes, no differentia-
        tion is made between uppercase and lowercase.

     -  must differ from the old password (if one was defined) by at least
        three characters. For comparison purposes, no differentiation is
        made between uppercase and lowercase.

     -  must generally not contain the <CR> character.

     If the ADDCHECK variable is set to yes in the /etc/default/passwd file
     [see defaultpasswd(4), the following additional checks are carried
     out:

     -  A search is carried out for over-simplistic passwords such as a
        series of repeated letters.

     -  The password is compared with some host-specific information such
        as the host name.

     -  The password is checked to determine if it is formed from an arbi-
        trary combination of letters in the user entry in /etc/passwd
        (inverting the login name, writing the login twice).

     -  The password is compared with information on the user at local and
        remote systems which the finger(1) command supplies.

     -  Dictionaries created specially [see makedict(1M)] are searched
        through to locate the password.

     The checks carried out are not case-sensitive (except with character
     checks).

     By default, the following characters are not permitted in passwords
     [see ascii(5)]:

     CTRL-C (ETX), CTRL-D (EOT), CTRL-H (BS), CTRL-J (LF), CTRL-M (CR),
     CTRL-O (SI), CTRL-Q (DC1), CTRL-R (DC2), CTRL-S (DC3), CTRL-Y (EM),
     CTRL-Z (SUB), CTRL-\ (FS), CTRL-[ (ESC), CTRL-] (GS), DEL

     The following types of password are accepted:

     -  Passwords containing uppercase and lowercase.

     -  Passwords containing punctuation marks.

     -  Passwords containing numbers.

     -  Passwords containing permitted CTRL characters.

     The passwd command evaluates only the first 8 characters of a pass-
     word.


Page 2                       Reliant UNIX 5.44                Printed 11/98

passwd(1)                                                         passwd(1)

     The system administrator is not prompted for the old password, and no
     check is performed to see whether the new password is in the correct
     format (except for <CR>) or complies with password aging requirements.

OPTIONS
     No option specified:
          The password of the login name under which you logged in is
          changed.

     -s   Shows the password attributes for loginname in the following
          format:

          loginname status MM/DD/YY minimum maximum warning

          or, if no password aging requirements have been set:

          loginname status

          loginname
               Login name under which the user has logged in.

          status
               The current password status of loginname: PS stands for
               passworded or locked, LK stands for locked, and NP stands
               for no password.

          MM/DD/YY
               The date on which the password for loginname was last
               changed. This date is indicated in Greenwich Mean Time and
               may therefore differ by as much as a day in other time
               zones.

          minimum
               The minimum number of days required between password changes
               for loginname. The default value is MINWEEKS, as defined in
               the /etc/default/passwd file.

          maximum
               The maximum number of days the password is to be valid for
               loginname. The default value is MAXWEEKS, as defined in the
               /etc/default/passwd file.

          warning
               The number of days before the password expires that the user
               will be warned.

     The following options can only be used by the system administrator:

     -l   Locks the password entry for loginname.

     -d   Deletes the password for loginname. The loginname will not be
          prompted for a password.


Page 3                       Reliant UNIX 5.44                Printed 11/98

passwd(1)                                                         passwd(1)

          Caution:

          If the system administrator has deleted a password for a user
          using the -d option, and password aging is activated for that
          user, the user can no longer enter a new password even if the
          PASSREQ entry in /etc/login/default file is set to YES. This
          means that the user no longer has a password. For this reason you
          should always use the -f option with the -d option. This will
          force the user to change the password at the next login.

     -n min
          At least min days must pass between two password modifications.
          If min is greater than max, the user cannot change the password.
          You should always use this option with the -x option, unless max
          is set to -1 (aging turned off), in which case, min need not be
          set.

     -x max
          The password for loginname is valid for max days at the most. If
          max is set to -1, the aging for loginname is immediately turned
          off. If max is set to 0, aging is turned off and the user is
          forced to change the password at the next login (attention: this
          can only be carried out once within a 24-hour period).

     -w warn
          The user will be warned warn days before the password expires.

     -a   Lists the password attributes for all entries. You should use
          this option only in conjunction with the -s option. You need not
          specify the loginname in this case.

     -f   Forces the user to change the password at the next login by
          invalidating the password for loginname.

     loginname
          Is the login name to which the new password is to be allocated.
          This parameter is only useful for the system administrator. If
          you are not the system administrator, you can only specify your
          own login name.

          loginname not specified:

          passwd changes the password for the current login name.

EXIT STATUS
     0  Successful completion.

     1  Permission denied.

     2  Invalid combination of options.

     3  Unexpected failure. Password file unchanged.


Page 4                       Reliant UNIX 5.44                Printed 11/98

passwd(1)                                                         passwd(1)

     4  Unexpected failure. Password file missing.

     5  Password file in use. Try again later.

     6  Invalid argument to option.

ERROR MESSAGES
     passwd: xxx does not exist.

          There is no entry for this login name in the /etc/passwd file.

     passwd: Permission denied.

          You are not permitted to change the password for the specified
          login name. Only the system administrator is permitted to change
          passwords for login names other than his/her own.

     Sorry.

          You did not enter the old password correctly when prompted for
          it.

     Password unchanged.

          The password could not be changed.

          Password must contain at least two alphabetic characters and at
          least one numeric or special character.

          The password must contain at least two non-numeric characters.

     Password is too short - must be at least 6 characters.

          You are required to enter a longer password.

     Too many failures - try later.

          You have made three unsuccessful attempts to change your pass-
          word. The password entered by you does not meet the requirements.
          Enter a new password.

     Password must differ by at least 3 positions.

          Your new password must differ from the old one by at least three
          positions.

     password file busy - try again.

          The system administrator is currently working on the password
          file. To avoid inconsistencies, you must wait until this file is
          free again.



Page 5                       Reliant UNIX 5.44                Printed 11/98

passwd(1)                                                         passwd(1)

LOCALE
     The LCMESSAGES environment variable governs the language in which
     message texts are displayed.

     LCTYPE governs character classes and character conversion (shifting).

     The LCTIME environment variable governs the format of date and time
     strings.

     If LCMESSAGES, LCCTYPE or LCTIME is undefined or is defined as the
     null string, it defaults to the value of LANG. If LANG is likewise
     undefined or null, the system acts as if it were not internationalized.

     The LCALL environment variable governs the entire locale. LCALL
     takes precedence over all the other environment variables which affect
     internationalization.

     If any of the locale variables has an invalid value, the system acts
     as if none of the variables were set.

     It is advisable to restrict the characters you use for login names and
     passwords to those in the Portable Filename Character Set; 8-bit data
     may not always be portable to non-internationalized systems.

EXAMPLES
     User alibaba working on system thieves wishes to change his password
     sesame!street. The new password is to be open!sesame:

     $ passwd
     passwd:  Changing password for alibaba
     Old password:             Blanked input of sesame!street
     New password:             Blanked input of open!sesame
     Re-enter new password:    Repeated blanked input of open!sesame

FILES
     /etc/passwd
          File in which user accounts/login names are entered.

     /etc/default/passwd
          File containing the default settings for passwd(1).

     /etc/default/checkpasswd
          File containing additional settings for passwd(1).

     /etc/shadow
          "Hidden" password file containing the encrypted passwords. No
          general read access.

SEE ALSO
     id(1), login(1), su(1), makedict(1M), passmgmt(1M), pwconv(1M),
     useradd(1M), userdel(1M), usermod(1M), crypt(3C), checkpasswd(4),
     defaultpasswd(4), passwd(4), shadow(4).


Page 6                       Reliant UNIX 5.44                Printed 11/98

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026