passwd.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

passwd(1) passwd(1)

NAME

passwd - change login password and associated attributes

SYNOPSIS

passwd [name]

passwd -r files [-F ﬁle][name]

passwd -r files [-e

[shell ]] [-gh][name]

passwd -r files -s [-a

]

passwd -r files -s [name]

passwd -r files [-d

-l][-f][-n min][-w warn][

-x max] name

passwd -r nis [-e [shell ]] [

-gh][name]

passwd -r dce [-e [shell ]] [

-gh][name]

DESCRIPTION

The

passwd command modiﬁes the password as well as the attributes associated with the login name.If

name is omitted, it defaults to the invoking user’s login name, which is determined using

getuid. See

getuid (2).

Ordinary users can only change passwords corresponding to their login name. If an old password has

been established, it is requested from the user. If valid, a new password is obtained. Once the new pass-

word is entered, it is determined if the old password has "aged" sufﬁciently. If password aging is not

sufﬁcient, the new password is rejected and

passwd terminates. See passwd (4).

If password aging and construction requirements are met, the password is re-entered to ensure con-

sistency. If the new copy differs,

passwd repeats the new password prompting cycle, at most twice.

A superuser, whose effective user ID is zero, (see id(1) and su(1)), is allowed to change any password and

is not forced to comply with password aging. On a trusted system, superusers are prompted for old pass-

words. On standard systems, superusers are not forced to comply with password construction require-

ments. Refer also to the Password Construction Requirements section of this manpage. Null passwords

can be created by entering a carriage return in response to the prompt for a new password.

For the

files (local system) repository, if no /etc/shadow ﬁle exists, then the encrypted password is

stored in the password ﬁeld of /etc/passwd. If the /etc/shadow ﬁle exists, then the encrypted pass-

word is stored there, and an ’x’ is added to the password ﬁeld of

/etc/passwd.

The DCE repository (

-r dce) is only available if Integrated Login has been conﬁgured. See

auth.adm (1M). If Integrated Login has been conﬁgured, other considerations apply. A user with

appropriate DCE privileges is capable of modifying a user’s password, shell, gecos or home directory and

this is not dependent upon superuser privileges.

If the repository is not speciﬁed, that is,

passwd [name], the password is changed in all existing reposi-

tories conﬁgured in /etc/nsswitch.conf. If password options are used, and no repository is

speciﬁed, the default repository is files.

Options

The following options are recognized:

-e shell Modify the default shell for the user’s login name in the password ﬁle. If the shell is not

provided, the user will be prompted to enter the default login shell.

-F name The default password ﬁle is /etc/passwd. The -F option can be used to choose an

alternate password ﬁle, where read and write permissions are required. This option is

only available when using the files repository, and it is not intended for trusted mode.

-g Change the gecos information in the password ﬁle, which is used by the finger com-

mand. The user is prompted for each subﬁeld: name, location, work phone, and home

phone.

-r repository Specify the repository to which the operation is to be applied. Supported repositories

include files, nis, and dce. If repository is not speciﬁed, the default is files.

-s name Display some password attributes associated with the speciﬁed name. Superuser

privilege is required if the files repository is speciﬁed.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (6 pages)

PAGE 1
passwd(1) passwd(1) NAME passwd - change login password and associated attributes SYNOPSIS passwd [name] passwd -r files [-F file] [name] passwd -r files [-e [shell ] ] [-gh] [name] passwd -r files -s [-a] passwd -r files -s [name] passwd -r files [-d-l] [-f] [-n min] [-w warn] [-x max] name passwd -r nis [-e [shell ] ] [-gh] [name] passwd -r dce [-e [shell ] ] [-gh] [name] DESCRIPTION The passwd command modifies the password as well as the attributes associated with the login name.
PAGE 2
passwd(1) passwd(1) The format of the display will be: name status mm/dd/yy min max warn or, if password aging information is not present name status where status means: PS =passworded; LK =locked; and NP =no password. -a Display some password attributes for all users in the password file. The -a option must be used in conjunction with the -s option, with no name specified. For files, this is restricted to superuser. For a more complete display of attributes use the logins -x command.
PAGE 3
passwd(1) passwd(1) Default values may be set in the /etc/default/security file for the -n min, -x max, and -w warn options. See security (4). The attributes to select password aging defaults are: PASSWORD_MINDAYS PASSWORD_MAXDAYS PASSWORD_WARNDAYS Password Construction Requirements Passwords must be constructed to meet the following requirements: • On a standard system, only the first eight characters of a password are significant.
PAGE 4
passwd(1) passwd(1) hpux.security.password, shell Allows a user to use the -e option (or chsh) to change the default shell of any non-root user. hpux.security.password, warndate Allows a user to use the -w option to specify, for non-root users, the number of days prior to a password’s expiration that the user will be notified. Smart Card Login If the user account is configured to use a Smart Card, the user password is stored in the card.
PAGE 5
passwd(1) passwd(1) The system administrator can enable the password history feature to discourage users from reusing previously used passwords. Refer to the security (4) manual page for detailed information on configurable attributes that affect the behavior of this command. The attribute for password history is: PASSWORD_HISTORY_DEPTH EXTERNAL INFLUENCES International Code Set Support Characters from single-byte character code sets are supported in passwords.
PAGE 6
(Notes) A (Notes) pA 6 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010