PASSWD(C) UNIX System V
Name
passwd - change login or dialup shell password
Syntax
passwd [ -F device ] [ -r retries ] [ -m dialname ]
passwd [name]
passwd -s [name]
passwd -l [-f] [-x max] [-n min] name
passwd -d [-f] [-x max] [-n min] name
passwd -s [-a]
Description
The passwd command changes the password or lists password
attributes associated with the user's login name. Although
the passwd utility provides a command-line interface, it is
recommended that system administrators use the sysadmsh(ADM)
Accounts selection to administer passwords. Account
administrators can use passwd to install or change
passwords and attributes associated with any login name.
When used to change a password, passwd prompts users who are
authorized to change their own passwords for their old
password. (The administrator has the choice of allowing
users to pick their own passwords or have the system
generate passwords for them.)
Passwords have three levels of validity. Passwords are
valid until their expiration time is reached. When a
password expires, if the user is allowed to do so, the user
is prompted to change their password. If users are not
permitted to change their own password, the administrator
will have to assign a new password.
An expired password remains merely expired until its
lifetime ends; after that it is dead. A dead password
causes the user account to be locked. Only a system
administrator can remove the lock on the user's account,
through the sysadmsh Accounts selection. If users are not
allowed to change passwords, a new password must be
assigned.
To prevent password reuse, the Authentication Administrator
can also set a minimum change time on a password, before
which a user may not change passwords. All of these
parameters may be changed on a system-wide (System Defaults
database) and per-user (Protected Password database) basis.
Assuming the change has passed the aging requirements, a
check is made to ensure that the new password meets the
construction requirements. When the new password is entered
a second time, the two copies of the new password are
compared. If the two copies are not identical, the cycle of
prompting for the new password is repeated at most two more
times.
Passwords must be constructed to meet the following
requirements:
The minimum length of a password is recalculated and
depends on the maximum password length and the minimum
days between changes set on a user or system default
basis via sysadmsh.
If the check for obviousness is set to yes, each password
must contain at least two alphabetic characters and at
least one numeric or special character. In this case,
"alphabetic" refers to all uppercase or lowercase
letters.
Each password must differ from the user's login name
and any reverse or circular shift of that login name.
For comparison purposes, an uppercase letter and its
corresponding lowercase letter are equivalent. (See
goodpw(ADM) for a thorough explanation of these
checks.)
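The obviousness and login-name checks described above, as an added illustration in C; this is not the page's goodpw(ADM) code, and it assumes "reverse or circular shift" covers every rotation of the login name and of its reverse, compared case-insensitively. The recalculated minimum length is not shown, since the page gives no formula for it.

```c
#include <ctype.h>
#include <string.h>

/* Case-insensitive comparison of n characters. */
static int same_ci(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if pw equals the login name, its reverse, or any circular
   shift of either (ignoring case); 0 otherwise.  Login names longer
   than 255 characters are never treated as matching (assumed limit). */
int matches_login_shift(const char *pw, const char *login) {
    size_t n = strlen(login);
    char rev[256], buf[512];
    if (n == 0 || n > 255 || strlen(pw) != n) return 0;
    /* Doubling the name makes every rotation a window of length n. */
    memcpy(buf, login, n); memcpy(buf + n, login, n);
    for (size_t s = 0; s < n; s++)
        if (same_ci(pw, buf + s, n)) return 1;
    for (size_t i = 0; i < n; i++) rev[i] = login[n - 1 - i];
    memcpy(buf, rev, n); memcpy(buf + n, rev, n);
    for (size_t s = 0; s < n; s++)
        if (same_ci(pw, buf + s, n)) return 1;
    return 0;
}

/* Obviousness rule: at least two alphabetic characters and at least
   one character that is numeric or special (anything non-alphabetic). */
int obvious_ok(const char *pw) {
    int alpha = 0, other = 0;
    for (; *pw; pw++) {
        if (isalpha((unsigned char)*pw)) alpha++;
        else other++;
    }
    return alpha >= 2 && other >= 1;
}

/* 1 = candidate password passes both construction checks, 0 = rejected. */
int passwd_acceptable(const char *pw, const char *login, int check_obvious) {
    if (matches_login_shift(pw, login)) return 0;
    if (check_obvious && !obvious_ok(pw)) return 0;
    return 1;
}
```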
System administrators (users with the auth subsystem
authorization) may change any password; hence, passwd does
not prompt such users for the old password. The password
restrictions on the administrator's account apply to all
passwords generated by the administrator for any account.
Only authorized users may use the -s option to show password
attributes for the login name.
The format of the display will be
name status mm/dd/yy min max
or, if password aging information is not present,
name status
where:
name The login ID of the user.
status The password status of name: PS stands for
passworded or locked, LK stands for locked, and
NP stands for no password.
mm/dd/yy The date the password was last changed for name.
min The minimum number of days required between
password changes for name.
max The maximum number of days the password is valid
for name.
Only authorized users can use the following options:
-l Locks password entry for name.
-d Deletes password for name. The user will not be
able to log in. This option should not be used;
the sysadmsh Accounts selection should be used to
change the password rather than remove it.
-n Set minimum field for name. The min field
contains the minimum number of days between
password changes for name. Always use this option
with the -x option (except when -x max is set to
-1) to ensure that aging is turned on.
-x Set maximum field for name. The max field
contains the number of days that the password is
valid for name. The aging for name will be turned
off immediately if max is set to -1. (Do not use
with the -n option.) If it is set to 0, then the
user is forced to change the password and aging is
turned off at the next day's login session.
-a Show password attributes for all entries. Use
only with -s option; name must not be provided.
-f Force the user to change password at the next
login by expiring the password for name.
-mdialname
Change the password for dialup shell dialname
(listed in /etc/dpasswd). If dialname begins
with a slash ("/") the entire shell name must
match. Otherwise the password for every shell
whose basename is dialname is changed. The format
of the dialup password file looks like this:
shell_name:encrypted_password
For example, /bin/csh, /bin/sh, and
/usr/lib/uucp/uucico could have entries with
separate passwords. Only the super-user may
change a dialup shell password.
-Fdevice Change/create the password for filesystem device
(listed in /etc/default/filesys). For example, to
create a password for mounting the root
filesystem, the following command is used:
passwd -F /dev/root
This password will then be referenced by mnt(C)
for mounting filesystems. Only the superuser may
set such a password.
-rretries Sets how many additional attempts, after the
first, the user has to change the password.
The minimum and maximum lifetime of a password may be
specified in /etc/default/passwd. The various settings, and
their default values are:
RETRIES=4
The maximum number of repeated attempts to change a
password that has been rejected. This value should be
in the range from 0 to 10, inclusive.
ONETRY=YES
If set to YES, a rejected password is added to the
stop-list passed to goodpw. This prevents simplistic
modifications of a rejected password from being
accepted on a later attempt.
DESCRIBE=/usr/lib/goodpw/describe
The contents of this file are shown once (before the
new password is prompted for) and should describe the
difference between acceptable and unacceptable
passwords.
SUMMARY=/usr/lib/goodpw/summary
The contents of this file are shown each time a
password is rejected, and should be a (short) reminder
of what are and are not acceptable passwords.
The values for the default settings may be changed to
reflect the system's security concerns. If
/etc/default/passwd does not exist or is not readable, the
above default values are used. If the DESCRIBE or SUMMARY
file defined in /etc/default/passwd does not exist or cannot
be read, an error message is issued and passwd exits. If no
DESCRIBE or SUMMARY file is defined and the above defaults
do not exist or cannot be read, short (and vague) messages
are issued instead.
Files
/etc/passwd
List of user accounts.
/etc/dpasswd
List of dialup passwords.
/etc/default/passwd
Configurable settings (see above).
/etc/auth/system/default
Default password restrictions.
/tcb/files/auth/[a-z]/*
Protected Password database (per-user password attributes).
See Also
default(M), goodpw(ADM), login(M), passwd(M)
Notes
If it is impossible to run goodpw, the checks for "easy to
guess" passwords are very rudimentary.
The -f option is mostly useful during installation to force
the newly-installed superuser to have a password.
Standards Conformance
passwd is conformant with:
AT&T SVID Issue 2, Select Code 307-127; and The X/Open
Portability Guide II of January 1987.
(printed 8/28/89) PASSWD(C)