HP-UX Reference (11i v1 00/12) - 1 User Commands N-Z (vol 2)
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man1/neqn.1
________________________________________________________________
___ ___
p
passwd(1) passwd(1)
• A new password must differ from the old one by at least three characters (one character for non super
user if changed by the super user in a trusted system).
Repository Configuration
The /etc/nsswitch.conf file specifies the repositories for which the password must be modified. The
following configurations are supported:
• passwd: files
• passwd: files nisplus
• passwd: files nis
• passwd: compat (--> files nis)
• passwd: compat (--> files nisplus)
• passwd_compat: nisplus
Smart Card Login
If the user account is configured to use a Smart Card, the user password is stored in the card. This pass-
word has characteristics identical to a normal password stored on the system.
The Smart Card must be inserted into the Smart Card reader. The user is prompted for a PIN instead of a
password during authentication.
Enter PIN:
The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is
not necessary to know the password, only the PIN.
If the system retrieves a valid old password from the card, a new password is requested (twice). If the new
password meets all requirements, the system automatically overwrites the old password stored on the card
with the new password.
Therefore, the new dialog resembles:
Enter PIN:
New password:
Re-enter new password:
A Smart Card account can be shared among users. If one user modifies the password, other users must use
the scsync command to write the new password onto their cards.
The scpin command is used to change the Smart Card PIN.
SECURITY FEATURES
This section applies only to trusted systems. It describes additional capabilities and restrictions.
When passwd is invoked on a trusted system, the existing password is requested (if one is present). This
initiates the password solicitation dialog which depends upon the type of password generation (format pol-
icy) that has been enabled on the account doing the passwd command. There are four possible options for
password generation:
Random syllables A pronounceable password made up of meaningless syllables.
Random characters An unpronounceable password made up of random characters from the
character set.
Random letters An unpronounceable password made up of random letters from the alpha-
bet.
User-supplied A user-supplied password, subject to length and triviality restrictions.
Passwords can be greater than eight characters, but it is recommended that they be less than 40 charac-
ters. System warnings are displayed if passwords lengths are either too long or short. The system
administrator can specify a maximum password length guideline for the system generated options (random
syllables, random characters, and random letters). The actual maximum password length depends upon
several parameters in the authentication database and in the algorithm.
The system requires a minimum time to elapse before a password can be changed. This prevents reuse of
an old password within an undesirable period of time.
HP-UX Release 11i: December 2000 − 3 − Section 1−−647
___
___