Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ passwd(1) — NEWS-os 5.0.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

login(1)

crypt(3C)

passwd(4)

shadow(4)

useradd(1M)

usermod(1M)

userdel(1M)

id(1M)

passmgmt(1M)

pwconv(1M)

su(1M)



passwd(1)                USER COMMANDS                  passwd(1)



NAME
     passwd - change login password and password attributes

SYNOPSIS
     passwd [ name ]

     passwd [ -l | -d ] [ -f ] [ -n min ] [ -x max ] [ -w warn  ]
     name

     passwd -s [ -a ]

     passwd -s [ name ]

DESCRIPTION
     The passwd command changes the password  or  lists  password
     attributes associated with the user's login name.  Addition-
     ally, privileged-users may use passwd to install  or  change
     passwords  and  attributes  associated  with any login name.
     When used to change  a  password,  passwd  prompts  ordinary
     users  for  their old password, if any.  It then prompts for
     the new password twice. When the old  password  is  entered,
     passwd  checks  to  see  if  it  has "aged" sufficiently. If
     "aging" is insufficient, passwd terminates;  see  shadow(4).
     Assuming aging is sufficient, a check is made to ensure that
     the new password meets construction requirements.  When  the
     new password is entered a second time, the two copies of the
     new password are compared.  If the two copies are not ident-
     ical the cycle of prompting for the new password is repeated
     for at most two more times.  Passwords must  be  constructed
     to meet the following requirements:

          Each password must have at least six characters.   Only
          the first eight characters are significant.  PASSLEN is
          found in /etc/default/passwd and is  set  to  6.   Each
          password  must  contain at least two alphabetic charac-
          ters and at least one numeric or special character.  In
          this  case,  "alphabetic"  refers to all upper or lower
          case letters.   Each  password  must  differ  from  the
          user's  login name and any reverse or circular shift of
          that login name.  For  comparison  purposes,  an  upper
          case letter and its corresponding lower case letter are
          equivalent.  New passwords must differ from the old  by
          at least three characters.  For comparison purposes, an
          upper case letter  and  its  corresponding  lower  case
          letter are equivalent.
     Super-users (e.g., real and effective uid equal to zero, see
     id(1M)  and  su(1M))  may change any password; hence, passwd
     does not  prompt  privileged-users  for  the  old  password.
     Privileged-users  are  not  forced  to  comply with password
     aging   and   password   construction    requirements.     A
     privileged-user  can  create  a  null password by entering a
     carriage  return  in  response  to  the  prompt  for  a  new



                                                                1





passwd(1)                USER COMMANDS                  passwd(1)



     password.   (This  differs from passwd -d because the "pass-
     word" prompt will still be displayed.)  Any user may use the
     -s  option  to  show  password attributes for his or her own
     login name.  The format of the display will be:
          name status mm/dd/yy min max warn
     or, if password aging information is not present,
          name status
     where

     name        The login ID of the user.

     status      The password status of  name:  "PS"  stands  for
                 passworded  or  locked,  "LK" stands for locked,
                 and "NP" stands for no password.

     mm/dd/yy    The date password was  last  changed  for  name.
                 (Note  that  all password aging dates are deter-
                 mined using Greenwich Mean Time and,  therefore,
                 may  differ  by  as  much as a day in other time
                 zones.)

     min         The minimum  number  of  days  required  between
                 password  changes for name. MINWEEKS is found in
                 /etc/default/passwd and is set to NULL.

     max         The maximum number of days the password is valid
                 for     name.     MAXWEEKS     is    found    in
                 /etc/default/passwd and is set to NULL.

     warn        The number of days relative to  max  before  the
                 password  expires  that the name will be warned.
                 Only a privileged-user  can  use  the  following
                 options:

     -l        Locks password entry for name.

     -d        Deletes password for name.  The  login  name  will
               not be prompted for password.

     -n        Set minimum field for name.  The  min  field  con-
               tains  the minimum number of days between password
               changes for name.  If min is greater than max, the
               user may not change the password.  Always use this
               option with the -x option, unless max is set to -1
               (aging turned off).  In that case, min need not be
               set.

     -x        Set maximum field for name.  The  max  field  con-
               tains  the  number  of  days  that the password is
               valid for name.  The aging for name will be turned
               off immediately if max is set to -1.  If it is set
               to 0, then  the  user  is  forced  to  change  the



                                                                2





passwd(1)                USER COMMANDS                  passwd(1)



               password  at  the  next login session and aging is
               turned off.

     -w        Set warn field for name.  The warn field  contains
               the  number  of  days  before the password expires
               that the user will be warned.

     -a        Show password attributes  for  all  entries.   Use
               only with -s option; name must not be provided.

     -f        Force the user to  change  password  at  the  next
               login by expiring the password for name.

FILES
     /etc/shadow, /etc/passwd, /etc/oshadow

SEE ALSO
     login(1).
     crypt(3C), passwd(4), shadow(4) in the  Programmer's  Refer-
     ence Manual.
     useradd(1M), usermod(1M), userdel(1M), id(1M), passmgmt(1M),
     pwconv(1M),  su(1M), in the System Administrator's Reference
     Manual.

DIAGNOSTICS
     The passwd command exits with one of the following values:

     0         SUCCESS.

     1         Permission denied.

     2         Invalid combination of options.

     3         Unexpected failure.  Password file unchanged.

     4         Unexpected failure.  Password file(s) missing.

     5         Password file(s) busy.  Try again later.

     6         Invalid argument to option.















                                                                3



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026