passwd(1)

NAME

passwd − change login password

SYNOPSIS

passwd [-F file] [name]

passwd [-f] [-n min] [-x max] [-w warn] name

DESCRIPTION

The passwd command installs or changes the password associated with the login name. If name is omitted, it defaults to the invoking user’s login name.  passwd uses getlogin(3C) to determine the invoking user’s name.

The default password file is /etc/passwd.  You can use the -F option to choose an alternate password file.  You must have read and write permission for the alternate file. 

Ordinary users can change only the password corresponding to their own login name. If there is an old password, passwd prompts for it.  Then it prompts for the new password twice.  The first time the new password is entered, passwd checks to see if the old password has "aged" sufficiently.  If "aging" is insufficient, the new password is rejected and passwd terminates; see passwd(4).

Assuming "aging" is sufficient, a check is made to ensure that the new password meets construction requirements.  When the new password is entered a second time, the two copies of the new password are compared.  If the two copies differ, passwd repeats the cycle of prompting for the new password, at most twice. 

Passwords must be constructed to meet the following requirements:

• A password must have at least six characters.  Only the first eight characters are significant in an untrusted system. 

• Characters must be from the 7-bit USASCII character set; letters must be from the English alphabet.

• A password must contain at least two uppercase and/or lowercase letters and at least one numeric or special character. 

• A password must differ from the user’s login name and any reverse or circular shift of that login name. For comparison purposes, an uppercase letter and its corresponding lowercase equivalent are treated as identical.

• A new password must differ from the old one by at least three characters (one character in a trusted system).  For comparison purposes, an uppercase letter and its corresponding lowercase equivalent are treated as identical. 
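The construction requirements above can be expressed as a single check. The following C code is an added example, not HP-UX source: the function and result-code names are hypothetical, and it assumes that the "differ by N characters" rule is a position-by-position comparison and that an untrusted system compares only the eight significant characters.

```c
#include <ctype.h>
#include <string.h>
/* Hypothetical result codes for this added example. */
enum pw_result { PW_OK, PW_TOO_SHORT, PW_NOT_ASCII, PW_COMPOSITION,
                 PW_LIKE_LOGIN, PW_LIKE_OLD };

static int same(char a, char b)            /* case-insensitive compare */
{ return tolower((unsigned char)a) == tolower((unsigned char)b); }

/* 1 if pw equals login, its reverse, or any circular shift of it. */
static int like_login(const char *pw, const char *login)
{
    size_t n = strlen(login), i, s;
    if (n == 0 || strlen(pw) != n) return 0;
    for (i = 0; i < n && same(pw[i], login[n - 1 - i]); i++) {}
    if (i == n) return 1;                    /* reversed login name */
    for (s = 0; s < n; s++) {                /* s == 0: the name itself */
        for (i = 0; i < n && same(pw[i], login[(i + s) % n]); i++) {}
        if (i == n) return 1;
    }
    return 0;
}

/* Differing positions in the first `limit` chars; a length gap counts (assumed). */
static size_t diff_count(const char *a, const char *b, size_t limit)
{
    size_t la = strlen(a), lb = strlen(b), d = 0, i;
    if (la > limit) la = limit;
    if (lb > limit) lb = limit;
    for (i = 0; i < la && i < lb; i++)
        if (!same(a[i], b[i])) d++;
    return d + (la - i) + (lb - i);
}

enum pw_result check_password(const char *login, const char *old,
                              const char *cand, int trusted)
{
    size_t letters = 0, others = 0, len = strlen(cand), i;
    if (len < 6) return PW_TOO_SHORT;
    for (i = 0; i < len; i++) {
        if ((unsigned char)cand[i] > 0x7f) return PW_NOT_ASCII;
        if (isalpha((unsigned char)cand[i])) letters++; else others++;
    }
    if (letters < 2 || others < 1) return PW_COMPOSITION;
    if (like_login(cand, login)) return PW_LIKE_LOGIN;
    /* old is NULL if there was no password; untrusted compares 8 chars (assumed). */
    if (old && diff_count(old, cand, trusted ? (size_t)-1 : 8)
               < (trusted ? 1u : 3u)) return PW_LIKE_OLD;
    return PW_OK;
}
```

Under these assumptions, a change from Spring1996 to Spring1997 is rejected on an untrusted system because both share the same first eight characters, while a trusted system accepts it as a one-character difference.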

A superuser is a user whose effective user ID is zero; see id(1) and su(1). Superusers can change any password and are not forced to comply with password aging. In an untrusted system, superusers are not forced to comply with password construction requirements, and passwd does not prompt a superuser for the old password.  A superuser can create a null password by entering a carriage return in response to the prompt for a new password.

A superuser can also modify password aging characteristics associated with the user name using the following options:

-f This option forces the user to enter a new password on the next login. 

-n min This option determines the minimum number of days, min, that must transpire before the user can change the password. 

-w warn This option specifies the number of days, warn, prior to the password expiring when the user will be notified that the password needs to be changed.  This option is only enabled when your system has been converted to a trusted, secure system.  Refer to the HP-UX System Administration Tasks Manual on how to convert your HP-UX to a trusted, secure system. 

-x max This option determines the maximum number of days, max, a password can remain unchanged.  The user must enter another password after that number of days has transpired, known as the password expiration time.

The min and max arguments are each represented in units of days.  These arguments will be rounded up to the nearest week on a non-trusted HP-UX system.  If your system is then converted to a trusted system, the number of days will be based on those weeks.  If you supply only one of the two arguments, passwd checks to see if the other one already exists. If it does not exist, passwd defaults it to zero.

NETWORKING FEATURES

passwd can use the HP-UX Integrated Login Library, if configured.  For a complete description of using and administering HP-UX Integrated Login, see auth(5) and auth.adm(1M).

HP-UX Integrated Login typically uses the Distributed Computing Environment (DCE) for its user registry.  For a complete description of the DCE user registry and its relationship with HP-UX Integrated Login, see auth.dce(5).

SECURITY FEATURES

This section applies only to a trusted system. It describes additional capabilities and restrictions. 

Additional restrictions apply to superusers: they are prompted for superuser passwords, null passwords must have been allowed explicitly, all other password construction requirements apply, and they are prompted for the "user number", if it exists.

When you use passwd on a trusted system, the system prompts for the existing password (if any), and begins a password solicitation dialog that depends on the type of password generation the system administrator has enabled on your account.  There are four possible options for password generation:

• random syllables: A pronounceable password made up of meaningless syllables. 

• random characters: An unpronounceable password made up of random characters from the character set. 

• random letters: An unpronounceable password made up of random letters from the alphabet. 

• user-supplied: A user-supplied password, subject to length and triviality restrictions. 

Passwords can be longer than eight characters.  The system administrator specifies a maximum password length guideline for the three system-generated options.  The minimum password length depends on several parameters that the system administrator sets in the authentication databases.  The system warns you if you choose a password that is too short or too long.

The system requires a minimum time to elapse before you can change a password.  This prevents you from reusing an old password too soon. 

A password expires after a period of time known as the expiration time. The system warns you when the expiration time is drawing near.

A password dies after a period of time known as the password lifetime. After the lifetime passes, the account is locked until the system administrator re-enables it. After unlocking, you must change your password again before you can use your account.

The system administrator can individually enable accounts with no passwords.  If your account can be run without a password, and if you are allowed to pick your password, you can type carriage-return at the New password: prompt. 

You can change your own password if the system administrator has enabled any of the password generation options for your account. 

EXAMPLES

Change the password expiration date of user to 42 days:

passwd -x 42 user

Change the minimum time between password changes of user1 to 7 days:

passwd -n 7 user1

Force user2 to establish a new password on the next login that will expire in 70 days and prohibit the user from changing the password until 7 days have transpired:

passwd -f -x 70 -n 7 user2

EXTERNAL INFLUENCES

International Code Set Support

Characters from single-byte character code sets are supported in passwords. 

FILES

/etc/passwd Standard password file used by HP-UX. 

/tcb/files/auth/*/* Protected password database used when system is converted to trusted system. 

SEE ALSO

auth(5), auth.adm(1M), auth.dce(5), chfn(1), id(1), login(1), su(1), crypt(3C), getlogin(3C), passwd(4). 

STANDARDS CONFORMANCE

passwd: SVID2, SVID3, XPG2

Hewlett-Packard Company  —  HP-UX Release 10.20:  July 1996
