HP-UX Reference (11i v1 05/09) - 1 User Commands N-Z (vol 2)
p
passwd(1) passwd(1)
Therefore, the new dialog resembles:
Enter PIN:
New password:
Re-enter new password:
A Smart Card account can be shared among users. If one user modifies the password, other users must use
the scsync command to write the new password onto their cards.
The scpin command is used to change the Smart Card PIN.
SECURITY FEATURES
This section applies only to trusted systems. It describes additional capabilities and restrictions.
When passwd is invoked on a trusted system, the existing password is requested (if one is present). This
initiates the password solicitation dialog which depends upon the type of password generation (format pol-
icy) that has been enabled on the account doing the
passwd command. There are four possible options for
password generation:
Random syllables A pronounceable password made up of meaningless syllables.
Random characters An unpronounceable password made up of random characters from the
character set.
Random letters An unpronounceable password made up of random letters from the alpha-
bet.
User-supplied A user-supplied password, subject to length and triviality restrictions.
Passwords can be greater than eight characters, but it is recommended that they be less than 40 charac-
ters. System warnings are displayed if passwords lengths are either too long or short. The system
administrator can specify a maximum password length guideline for the system generated options (random
syllables, random characters, and random letters). The actual maximum password length depends upon
several parameters in the authentication database and in the algorithm.
The system requires a minimum time to elapse before a password can be changed. This prevents reuse of
an old password within an undesirable period of time.
A password expires after a period of time known as the expiration time. System warnings are displayed as
expiration time approaches.
A password dies after a time period known as the password lifetime. After the lifetime passes, the account
is locked until it is re-enabled by a system administrator. Once unlocked, the user is forced to change the
password before account use.
The system administrator can enable accounts without passwords. If a user account is allowed to function
without a password, the user can choose a null password by typing a carriage-return when prompted for a
new password.
The system administrator can enable the password history feature to discourage users from reusing previ-
ously used passwords. Refer to the security(4) manual page for detailed information on configurable param-
eters that affect the behavior of this command. The parameter for password history is:
PASSWORD_HISTORY_DEPTH
EXTERNAL INFLUENCES
International Code Set Support
Characters from single-byte character code sets are supported in passwords.
EXAMPLES
Change the password expiration date of user to 42 days in the files repository:
passwd -r files -x 42 user
Modify the minimum time between password changes of user1 to 7 days in the nisplus repository:
passwd -r nisplus -n 7 user1
Force user2 to establish a new password on the next login which will expire in 70 days and prohibit the
user from changing the password until 7 days have transpired:
Section 1−−688 Hewlett-Packard Company − 4 − HP-UX 11i Version 1: September 2005