passwd.1 (2010 09)
p
passwd(1) passwd(1)
The format of the display will be:
name status mm/dd/yy min max warn
or, if password aging information is not present
name status
where status means: PS =passworded; LK =locked
; and NP =no password.
-a Display some password attributes for all users in the password file. The
-a option must
be used in conjunction with the
-s
option, with no name specified. For files, this is
restricted to superuser. For a more complete display of attributes use the
logins -x
command.
Privileged User Options
A superuser can modify characteristics associated with the user name using the following options:
-d Allow user to login without a password by deleting it. This option unlocks/activates the
user account if found locked/deactivated.
-f Force user to change password upon next login by expiring the current password.
-h Modify the default home directory in the password file.
-l Lock user account. This option replaces the encrypted password with *.
-n min Determine the minimum number of days, min, that must transpire before the user can
change the password. If the -f option was used in a previous invocation of passwd to
immediately expire a password, the effect of the -f option is cancelled. The effect of the
-f option is not cancelled if the -x option and -f option are specified on the same com-
mand line or if the system has been converted to a trusted system.
-w warn Specify the number of days, warn, prior to the password expiring when the user will be
notified that the password needs to be changed. This option is not allowed for systems
that are not using shadow passwords.
-x max Determine the maximum number of days, max, a password can remain unchanged. The
user must enter another password after that number of days has transpired, known as
the password expiration time . If the -f option was used in a previous invocation of
passwd to immediately expire a password, the effect of the -f option is cancelled, and
the password will not expire until max days. The effect of the -f option is not cancelled
if the -x option and the -f option are specified on the same command line or if the sys-
tem has been converted to a trusted system.
The min and max arguments are each represented in units of days. These arguments will be rounded up
to the nearest week on a standard HP-UX system. If the system is then converted to a trusted system,
the number of days will be based on those weeks. If only one of the two arguments is supplied, and the
other argument does not exist, then the number of days is set to zero.
If patch PHCO_36523 or later is installed, then for systems using shadow passwords the rounding of
password aging arguments can be suppressed by creating the file
/etc/default/DO_NOT_ROUND_PW_AGING. If this file exists, then the
passwd command does not
round the
-x, -n, and -w argument values to a multiple of a week. The use of this file is specific to this
release; in a future release the behavior of the passwd command will be changed to never round aging
values for systems that are using shadow passwords.
Password Aging
The following description applies to all repositories except nis, which does not support password aging.
The system requires a minimum time to elapse before a password can be changed. This prevents reuse of
an old password within too brief a period of time. System warnings are displayed as the expiration time
approaches.
A password is no longer usable after a time period known as the password lifetime . After the lifetime
passes, the account is locked until it is re-enabled by a system administrator. Once unlocked, the user is
forced to change the password before using the account.
The
-n min and -x max arguments are each represented in units of days. These arguments are
rounded up to the nearest week on a standard system. If only one of the two arguments is supplied and
the other argument does not exist, then the number of days is set to zero.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010