Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ passwd(1) — Interactive 3.2r4.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

login(1)

id(1M)

passmgmt(1M)

pwconv(1M)

su(1M)

crypt(3C)

passwd(4)

passwd(1)  —  

NAME

passwd − change login password and password attributes

SYNOPSIS

passwd [name]

passwd −s [name]

passwd −l [−f] [−x max] [−n min] name

passwd −d [−f] [−x max] [−n min] name

passwd −s [−a]

DESCRIPTION

The passwd command changes the password or lists password attributes associated with the user’s login name. Additionally, superusers may use passwd to install or change passwords and attributes associated with any login name. (Options relating to password attributes are only available on systems using the /etc/shadow security feature.) 

When used to change a password, passwd prompts ordinary users for their old password, if any.  It then prompts for the new password twice.  When the old password is entered, passwd checks to see if it has "aged" sufficiently.  If "aging" is insufficient, passwd terminates; see passwd(4). 

If the user’s password aging has not been turned on, then password aging is turned on for the user using the MAXWEEK and MINWEEK parameters in /etc/default/passwd.  If password aging is turned on, the password aging information in /etc/shadow remains unmodified. 

Assuming aging is sufficient, a check is made to ensure that the new password meets construction requirements.  When the new password is entered a second time, the two copies of the new password are compared.  If the two copies are not identical the cycle of prompting for the new password is repeated for at most two more times. 

Passwords must be constructed to meet the following requirements:

Each password must have at least PASSLENGTH characters as set in /etc/default/passwd.  PASSLENGTH must contain a minimum of three characters, but only the first eight characters are significant.  Each password must contain at least two alphabetic characters and at least one numeric or special character. In this case, “alphabetic” refers to all uppercase or lowercase letters. Each password must differ from the user’s login name and any reverse or circular shift of that login name. For comparison purposes, an uppercase letter and its corresponding lowercase letter are equivalent. New passwords must differ from the old by at least three characters. For comparison purposes, an uppercase letter and its corresponding lowercase letter are equivalent.

Superusers (e.g., real and effective uid equal to zero, see id(1M) and su(1M)) may change any password; hence, passwd does not prompt superusers for the old password.  Superusers are not forced to comply with password aging and password construction requirements.  A superuser can create a null password by entering a carriage return in response to the prompt for a new password.  (This differs from passwd −d because the "password" prompt will still be displayed.) 

Any user may use the −s option to show password attributes for the login name.

The format of the display will be

name status mm/dd/yy min max

or, if password aging information is not present,

name status

where:

name The login ID of the user. 

status The password status of name: PS stands for passworded or locked, LK stands for locked, and NP stands for no password. 

mm/dd/yy The date password was last changed for name. 

min The minimum number of days required between password changes for name. 

max The maximum number of days the password is valid for name. 

Only a superuser can use the following options:

−l Locks password entry for name. 

−d Deletes password for name.  The login name will not be prompted for password. 

−n Set minimum field for name.  The min field contains the minimum number of days between password changes for name.  Always use this option with the −x option (except when −x man is set to −1) to insure that aging is turned on. 

−x Set maximum field for name.  The max field contains the number of days that the password is valid for name.  The aging for name will be turned off immediately if max is set to −1.  (Do not use with the −n option.)  If it is set to 0, then the user is forced to change the password and aging is turned off at the next day’s login session. 

−a Show password attributes for all entries.  Use only with −s option; name must not be provided. 

−f Force the user to change password at the next login by expiring the password for name. 

FILES

/etc/passwd
/etc/shadow
/etc/opasswd
/etc/oshadow
/etc/default/passwd

SEE ALSO

login(1), id(1M), passmgmt(1M), pwconv(1M), su(1M).  crypt(3C), passwd(4) in the INTER­ACTIVE SDS Guide and Programmer’s Reference Manual. 

DIAGNOSTICS

The passwd command exits with one of the following values:

0SUCCESS. 

1Permission denied. 

2Invalid combination of options. 

3Unexpected failure.  Password file unchanged. 

4Unexpected failure.  Password file(s) missing. 

5Password file(s) busy.  Try again later. 

6Invalid argument to option. 

WARNING

If root deletes a password for a user with the passwd −d command, and password aging is in effect for that user, the user will not be allowed to add a new password until the NULL password has been aged.  This is true even if the PASSREQ flag in /etc/default/login is set to YES.  This results in a user without a password.  It is recommended that the −f option be used whenever the −d (delete) option is used.  This will force a user to change the password at next login. 

ADDED VALUE

This entry, supplied by INTERACTIVE Systems Corporation, contains enhancements to UNIX System V. 

\*U  —  Version 1.0

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026