passwd(1) User Commands passwd(1)
NAME
passwd - change login password and password attributes
SYNOPSIS
passwd [ name ]
passwd [ -d | -l ] [ -f ] [ -n min ] [ -w warn ]
[ -x max ] name
passwd -s [ -a ]
passwd -s [ name ]
AVAILABILITY
SUNWcsu
DESCRIPTION
The passwd command changes the password or lists password
attributes associated with the user's login name. Addition-
ally, privileged-users may use passwd to install or change
passwords and attributes associated with any login name.
When used to change a password, passwd prompts ordinary
users for their old password, if any. It then prompts for
the new password twice. When the old password is entered,
passwd checks to see if it has "aged" sufficiently. If
"aging" is insufficient, passwd terminates; see pwconv(1M)
and shadow(4) for additional information. The pwconv com-
mand creates and updates /etc/shadow with information from
/etc/passwd. pwconv relies on a special value of 'x' in the
password field of /etc/passwd. This value of 'x' indicates
that the password for the user is already in /etc/shadow and
should not be modified.
Assuming aging is sufficient, a check is made to ensure that
the new password meets construction requirements. When the
new password is entered a second time, the two copies of the
new password are compared. If the two copies are not ident-
ical the cycle of prompting for the new password is repeated
for at most two more times.
Passwords must be constructed to meet the following require-
ments:
+o Each password must have at least six characters.
Only the first eight characters are significant.
PASSLENGTH is found in /etc/default/passwd and is
set to 6.
+o Each password must contain at least two alpha-
betic characters and at least one numeric or spe-
cial character. In this case, "alphabetic" refers
SunOS 5.4 Last change: 17 Mar 1994 1
passwd(1) User Commands passwd(1)
to all upper or lower case letters.
+o Each password must differ from the user's login
name and any reverse or circular shift of that
login name. For comparison purposes, an upper
case letter and its corresponding lower case
letter are equivalent.
+o New passwords must differ from the old by at
least three characters. For comparison purposes,
an upper case letter and its corresponding lower
case letter are equivalent.
Super-users (for instance, real and effective uid equal to
zero, see id(1M) and su(1M)) may change any password; hence,
passwd does not prompt privileged-users for the old pass-
word. Privileged-users are not forced to comply with pass-
word aging and password construction requirements. A
privileged-user can create a null password by entering a
carriage return in response to the prompt for a new pass-
word. (This differs from passwd -d because the "password"
prompt will still be displayed.)
Any user may use the -s option to show password attributes
for his or her own login name.
The format of the display will be:
name status mm/dd/yy min max warn
or, if password aging information is not present,
name status
where
name The login ID of the user.
status The password status of name: "PS" stands for
passworded or locked, "LK" stands for locked,
and "NP" stands for no password.
mm/dd/yy The date password was last changed for name.
(Note: All password aging dates are deter-
mined using Greenwich Mean Time and, there-
fore, may differ by as much as a day in other
time zones.)
min The minimum number of days required between
password changes for name. MINWEEKS is found
in /etc/default/passwd and is set to NULL.
max The maximum number of days the password is
valid for name. MAXWEEKS is found in
/etc/default/passwd and is set to NULL.
warn The number of days relative to max before the
password expires that the name will be
warned.
OPTIONS
Only a privileged-user can use the following options:
-a Show password attributes for all entries. Use
only with -s option; name must not be provided.
-d Deletes password for name. The login name will
not be prompted for password.
-f Force the user to change password at the next
login by expiring the password for name.
-l Locks password entry for name.
-s Show password attributes for the login name.
-n min Set minimum field for name. The min field con-
tains the minimum number of days between password
changes for name. If min is greater than max, the
user may not change the password. Always use this
option with the -x option, unless max is set to -1
(aging turned off). In that case, min need not be
set.
-w warn Set warn field for name. The warn field contains
the number of days before the password expires
that the user will be warned.
-x max Set maximum field for name. The max field con-
tains the number of days that the password is
valid for name. The aging for name will be turned
off immediately if max is set to -1. If it is set
to 0, then the user is forced to change the pass-
word at the next login session and aging is turned
off.
ENVIRONMENT
If any of the LC_* variables ( LC_CTYPE, LC_MESSAGES,
LC_TIME, LC_COLLATE, LC_NUMERIC, and LC_MONETARY ) (see
environ(5)) are not set in the environment, the operational
behavior of passwd for each corresponding locale category is
determined by the value of the LANG environment variable.
If LC_ALL is set, its contents are used to override both the
LANG and the other LC_* variables. If none of the above
variables is set in the environment, the "C" (U.S. style)
locale determines how passwd behaves.
LC_CTYPE Determines how passwd handles characters.
When LC_CTYPE is set to a valid value, passwd
can display and handle text and filenames
containing valid characters for that locale.
passwd can display and handle Extended Unix
Code (EUC) characters where any individual
character can be 1, 2, or 3 bytes wide.
passwd can also handle EUC characters of 1,
2, or more column widths. In the "C" locale,
only characters from ISO 8859-1 are valid.
LC_MESSAGES Determines how diagnostic and informative
messages are presented. This includes the
language and style of the messages, and the
correct form of affirmative and negative
responses. In the "C" locale, the messages
are presented in the default form found in
the program itself (in most cases, U.S.
English).
FILES
/etc/oshadow
/etc/passwd
/etc/shadow
/etc/default/passwd Default values can be set for the fol-
lowing flags in /etc/default/passwd.
For example: MAXWEEKS=26
MAXWEEKS Maximum time period that password
is valid.
MINWEEKS Minimum time period before the
password can be changed.
PASSLENGTH Minimum length of password, in
characters.
WARNWEEKS Time period until warning of date
of password's ensuing expiration.
SEE ALSO
finger(1), login(1), nispasswd(1), yppasswd(1),
domainname(1M), eeprom(1M), id(1M), passmgmt(1M),
pwconv(1M), su(1M), useradd(1M), userdel(1M), usermod(1M),
crypt(3C), getpwnam(3C), getspnam(3C), loginlog(4),
passwd(4), shadow(4), environ(5)
DIAGNOSTICS
The passwd command exits with one of the following values:
0 SUCCESS.
1 Permission denied.
2 Invalid combination of options.
3 Unexpected failure. Password file unchanged.
4 Unexpected failure. Password file(s) missing.
5 Password file(s) busy. Try again later.
6 Invalid argument to option.
SunOS 5.4 Last change: 17 Mar 1994
|
REPORTS
ANALYTICS
Follow 
