
⇒ passwd(C) — OpenDesktop 1.0.0y


     PASSWD(C)                                  UNIX System V



     Name
          passwd - change login or dialup shell password


     Syntax
          passwd [ -f device ] [ -r retries ] [ -d dialname ]

          passwd [name]

          passwd -s [name]

          passwd -l [-f] [-x max] [-n min] name

          passwd -d [-f] [-x max] [-n min] name

          passwd -s [-a]


     Description
          The passwd command changes the password  or  lists  password
          attributes  associated with the user's login name.  Although
          the passwd utility provides a command-line interface, it  is
          recommended that system administrators use the sysadmsh(ADM)
          Accounts  selection  to   administer   passwords.    Account
          administrators  can  use  passwd  to  install   or   change
          passwords and attributes associated with any login name.

          When used to change a password, passwd prompts users who are
          authorized  to  change  their  own  passwords  for their old
          password.  (The administrator has  the  choice  of  allowing
          users  to  pick  their  own  passwords  or  have  the system
          generate passwords for them.)

          Passwords have three  levels  of  validity.   Passwords  are
          valid  until  their  expiration  time  is  reached.   When a
          password expires, if the user is allowed to do so, the  user
          is  prompted  to  change  their  password.  If users are not
          permitted to change their own  password,  the  administrator
          will have to assign a new password.

          Passwords are considered expired until their lifetime  ends.
          A  dead password causes a user account to be locked.  Only a
          system administrator can  remove  the  lock  on  the  user's
          account,  through the sysadmsh Accounts selection.  If users
          are not allowed to change passwords, a new password must  be
          assigned.

          To prevent password reuse, the Authentication  Administrator
          can  also  set  a  minimum change time on a password, before
          which a  user  may  not  change  passwords.   All  of  these
          parameters  may be changed on a system-wide (System Defaults
          database) and per-user (Protected Password database) basis.

          Assuming it has passed the aging requirements,  a  check  is
          made  to  ensure  that  the  new password meets construction
          requirements.  When the new password  is  entered  a  second
          time,  the  two copies of the new password are compared.  If
          the two copies are not identical, the cycle of prompting for
          the new password is repeated at most two more times.

          Passwords  must  be  constructed  to  meet   the   following
          requirements:

               The minimum length of a password  is  recalculated  and
               depends  on the maximum password length and the minimum
               days between changes set on a user  or  system  default
               basis via sysadmsh.

               If check for obviousness is  yes,  each  password  must
               contain at least two alphabetic characters and at least
               one  numeric  or  special  character.   In  this  case,
               "alphabetic"  refers  to  all  uppercase  or  lowercase
               letters.

               Each password must differ from the  user's  login  name
               and  any  reverse or circular shift of that login name.
               For comparison purposes, an uppercase  letter  and  its
               corresponding  lowercase  letter  are equivalent.  (See
               goodpw(ADM)  for  a  thorough  explanation   of   these
               checks.)
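
          The alphabetic/numeric rule and the login-name rule above, as
          an added Python example (not code from passwd or goodpw).  The
          function names and the login "jsmith7" are hypothetical, every
          non-letter is assumed to count as "numeric or special", and
          the minimum-length rule is left out because this page does not
          give its formula.

```python
# Added illustration of the construction rules listed above. Function names
# are hypothetical; this is not the source of passwd or goodpw.

def has_required_mix(password):
    """Obviousness rule: at least two letters and one numeric or special char."""
    letters = sum(1 for c in password if c.isascii() and c.isalpha())
    # Assumption: every non-letter character counts as "numeric or special".
    return letters >= 2 and len(password) - letters >= 1

def login_variants(login):
    """Login name, its reverse, and each circular shift, folded to lowercase."""
    name = login.lower()
    variants = {name[i:] + name[:i] for i in range(len(name))}
    variants.add(name[::-1])
    return variants

def check_password(login, password, check_obviousness=True):
    """Return the list of rules the candidate breaks (empty list: accepted)."""
    problems = []
    if check_obviousness and not has_required_mix(password):
        problems.append("needs two letters and one numeric or special character")
    # Uppercase and lowercase letters are equivalent for this comparison.
    if password.lower() in login_variants(login):
        problems.append("is the login name, its reverse, or a circular shift")
    return problems

if __name__ == "__main__":
    # Constructed candidates for a hypothetical login "jsmith7".
    for candidate in ("Smith7J", "7HTIMSJ", "abcdefgh", "blue#kettle"):
        print(candidate, check_password("jsmith7", candidate) or "accepted")
```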


          System  administrators  (users  with  the   auth   subsystem
          authorization)  may  change any password; hence, passwd does
          not prompt such users for the old  password.   The  password
          restrictions  on  the  administrator's  account apply to all
          passwords generated by the administrator for any account.

          Only authorized users may use the -s option to show password
          attributes for the login name.

          The format of the display will be

               name status mm/dd/yy min max

          or, if password aging information is not present,

               name status

          where:

          name        The login ID of the user.

          status      The password  status  of  name:  PS  stands  for
                      passworded  or locked, LK stands for locked, and
                      NP stands for no password.

          mm/dd/yy    The date password was last changed for name.

          min         The minimum  number  of  days  required  between
                      password changes for name.

          max         The maximum number of days the password is valid
                      for name.
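
          An added example (not part of the original manual page):
          Python code that parses the two display formats above and
          flags entries an administrator would want to review.  The
          sample lines, the function names and the reference date are
          constructed for illustration.

```python
from datetime import date, datetime, timedelta

# Constructed sample in the two display formats described above (not real output).
SAMPLE = """\
root PS 08/01/89 14 90
guest NP
uucp LK
mary PS 07/15/89 0 60
"""

def parse_line(line):
    """Split one 'name status [mm/dd/yy min max]' line into a dict."""
    fields = line.split()
    if len(fields) not in (2, 5) or fields[1] not in ("PS", "LK", "NP"):
        raise ValueError(f"unrecognised line: {line!r}")
    entry = {"name": fields[0], "status": fields[1],
             "changed": None, "min": None, "max": None}
    if len(fields) == 5:
        entry["changed"] = datetime.strptime(fields[2], "%m/%d/%y").date()
        entry["min"], entry["max"] = int(fields[3]), int(fields[4])
    return entry

def audit(text, today):
    """Return (name, finding) pairs for entries that deserve a closer look."""
    findings = []
    for line in filter(str.strip, text.splitlines()):
        e = parse_line(line)
        if e["status"] == "NP":
            findings.append((e["name"], "no password"))
        if e["changed"] is None:
            # Short form: no aging data. Locked entries are not reported here.
            if e["status"] != "LK":
                findings.append((e["name"], "no aging information"))
        # max of -1 means aging is off (see -x), so only test max >= 0.
        elif e["max"] >= 0 and today > e["changed"] + timedelta(days=e["max"]):
            findings.append((e["name"], "password older than max days"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, today=date(1989, 9, 20)):
        print(f"{name}: {finding}")
```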

          Only authorized users can use the following options:

          -l        Locks password entry for name.

          -d        Deletes password for name.  The user will  not  be
                    able  to  log in.  This option should not be used;
                    the sysadmsh Accounts selection should be used  to
                    change the password rather than remove it.

          -n        Set  minimum  field  for  name.   The  min   field
                    contains   the  minimum  number  of  days  between
                    password changes for name.  Always use this option
                    with  the  -x option (except when -x max is set to
                    -1) to ensure that aging is turned on.

          -x        Set  maximum  field  for  name.   The  max   field
                    contains  the  number of days that the password is
                    valid for name.  The aging for name will be turned
                    off  immediately if max is set to -1.  (Do not use
                    with the -n option.) If it is set to 0,  then  the
                    user is forced to change the password and aging is
                    turned off at the next day's login session.

          -a        Show password attributes  for  all  entries.   Use
                    only with -s option; name must not be provided.

          -f        Force the user to  change  password  at  the  next
                    login by expiring the password for name.

          -mdialname
                    Change the  password  for  dialup  shell  dialname
                    (listed  in  /etc/dpasswd).   If  dialname begins
                    with a slash (``/'') the entire  shell  name  must
                    match.   Otherwise  the  password  for every shell
                    whose basename is dialname is changed.  The format
                    of the dialup password file looks like this:
                    shell_name:encrypted_password
                    For    example,     /bin/csh,     /bin/sh,     and
                    /usr/lib/uucp/uucico   could   have  entries  with
                    separate  passwords.   Only  the  super-user   may
                    change a dialup shell password.

          -Fdevice  Change/create the password for  filesystem  device
                    (listed in /etc/default/filesys).  For example, to
                    create  a   password   for   mounting   the   root
                    filesystem, the following command is used:

                         passwd -F /dev/root

                    This password will then be  referenced  by  mnt(C)
                    for  mounting filesystems.  Only the superuser may
                    set such a password.

          -rretries Sets  how  many  additional  attempts,  after  the
                    first, the user has to change the password.

          The minimum and  maximum  lifetime  of  a  password  may  be
          specified in /etc/default/passwd.  The various settings, and
          their default values are:

          RETRIES=4
               The maximum number of repeated  attempts  to  change  a
               password  that has been rejected.  This value should be
               in the range from 0 to 10, inclusive.

          ONETRY=YES
               If set to YES, a rejected  password  is  added  to  the
               stop-list  passed  to goodpw.  This prevents simplistic
               modifications  of  a  rejected  password   from   being
               accepted on a later attempt.

          DESCRIBE=/usr/lib/goodpw/describe
               The contents of this file are shown  once  (before  the
               new  password  is prompted for) and should describe the
               difference  between  acceptable  and  unacceptable
               passwords.

          SUMMARY=/usr/lib/goodpw/summary
               The contents  of  this  file  are  shown  each  time  a
               password  is rejected, and should be a (short) reminder
               of what are and are not acceptable passwords.

          The values for the default settings may be changed to reflect
          the system's security concerns.  If /etc/default/passwd does
          not exist or is not readable, the above default values are
          used.  If the DESCRIBE or SUMMARY file defined in
          /etc/default/passwd does not exist or cannot be read, an error
          message is issued and passwd exits.  If no DESCRIBE or SUMMARY
          file is defined and the above defaults do not exist or cannot
          be read, short (and vague) messages are issued instead.


     Files
          /etc/passwd
               List of user accounts.

          /etc/dpasswd
               List of dialup passwords.

          /etc/default/passwd
               Configurable settings (see above).

          /etc/auth/system/default
               Default password restrictions.

          /tcb/files/auth/[a-z]/*


     See Also
          default(M), goodpw(ADM), login(M), passwd(M)


     Notes
          If it is impossible to run goodpw, the checks for ``easy  to
          guess'' passwords are very rudimentary.

          The -f option is mostly useful during installation to  force
          the newly-installed superuser to have a password.


     Standards Conformance
          passwd is conformant with:
          AT&T SVID Issue 2,  Select  Code  307-127;  and  The  X/Open
          Portability Guide II of January 1987.


     (printed 8/28/89)                                  PASSWD(C)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026