HP-UX Reference (11i v1 05/09) - 1 User Commands N-Z (vol 2)
nispasswd(1) nispasswd(1)
NAME
nispasswd - change NIS+ password information
SYNOPSIS
nispasswd [ -ghs ] [ -D domainname ] [ username ]
nispasswd -a
nispasswd [ -D domainname ] [ -d [ username ] ]
nispasswd [ -l ] [ -f ] [ -n min ] [ -x max ] [ -w warn ] [ -D domainname ] username
DESCRIPTION
nispasswd changes a password, gecos (finger) field (-g option), home directory (-h option), or login
shell (-s option) associated with the username (invoker by default) in the NIS+ passwd table.
Additionally, the command can be used to view or modify aging information associated with the user
specified if the invoker has the right NIS+ privileges.
nispasswd uses secure RPC to communicate with the NIS+ server, and therefore, never sends
unencrypted passwords over the communication medium.
nispasswd does not read or modify the local password information stored in the /etc/passwd file.
When used to change a password, nispasswd prompts non-privileged users for their old password. It
then prompts for the new password twice to forestall typing mistakes. When the old password is entered,
nispasswd checks to see if it has aged sufficiently. If aging is insufficient, nispasswd terminates;
see getpwent(3C).
The old password is used to decrypt the username's secret key. If the password does not decrypt the secret
key, nispasswd prompts for the old secure-RPC password. It uses this password to decrypt the secret
key. If this fails, it gives the user one more chance. The old password is also used to ensure that the new
password differs from the old by at least three characters. Assuming aging is sufficient, a check is made to
ensure that the new password meets construction requirements described below. When the new password
is entered a second time, the two copies of the new password are compared. If the two copies are not
identical, the cycle of prompting for the new password is repeated twice. The new password is used to
re-encrypt the user's secret key. Hence, it also becomes their secure-RPC password.
Passwords must be constructed to meet the following requirements:
• Each password must have at least six characters. Only the first eight characters are significant.
• Each password must contain at least two alphabetic characters and at least one numeric or
special character. In this case, "alphabetic" refers to all upper or lower case letters.
• Each password must differ from the user’s login username and any reverse or circular shift of
that login username. For comparison purposes, an upper case letter and its corresponding lower
case letter are equivalent.
• New passwords must differ from the old by at least three characters. For comparison purposes,
an upper case letter and its corresponding lower case letter are equivalent.
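The following is an added example, not part of the HP-UX reference and not HP-UX source code: a Python check of a candidate password against the four construction requirements above. It assumes that "differ by at least three characters" means a case-insensitive, position-by-position comparison, and it applies every rule to the significant eight-character prefix only; all function names and sample values are constructed for illustration.

```python
# Added example, not HP-UX source. Rules are those listed in nispasswd(1).
SIGNIFICANT = 8  # "Only the first eight characters are significant."


def username_forms(name):
    """The username, every circular shift of it, and its reverse (lower case)."""
    n = name.lower()
    forms = {n[i:] + n[:i] for i in range(len(n))}
    forms.add(n[::-1])
    return forms


def differing_positions(old, new):
    """Assumed metric: compare the significant prefixes position by position,
    ignoring case; characters with no counterpart count as differences."""
    a, b = old[:SIGNIFICANT].lower(), new[:SIGNIFICANT].lower()
    same = sum(1 for x, y in zip(a, b) if x == y)
    return max(len(a), len(b)) - same


def check_password(username, old, new):
    """Return the list of violated rules; an empty list means acceptable."""
    eff = new[:SIGNIFICANT]  # assumption: judge only what is significant
    problems = []
    if len(eff) < 6:
        problems.append("shorter than six characters")
    alpha = sum(c.isalpha() for c in eff)
    if alpha < 2 or len(eff) - alpha < 1:
        problems.append("needs two alphabetic and one numeric or special")
    if eff.lower() in username_forms(username):
        problems.append("derived from username")
    if differing_positions(old, new) < 3:
        problems.append("fewer than three characters differ from old")
    return problems


if __name__ == "__main__":
    # Constructed sample values.
    for new in ("Tr4vel!x", "mithjs", "Winter#2", "Winter#1-and-a-long-tail"):
        print(new, check_password("jsmith", "Winter#1", new))
```

Because only eight characters are significant, a long new password that shares its first eight characters with the old one is reported as too similar, and a digit placed in the ninth position does not satisfy the composition rule.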
Network administrators, who own the NIS+ password table, may change any password attributes if they
establish their credentials (see keylogin(1)) before invoking nispasswd. Hence, nispasswd does not
prompt these privileged users for the old password and they are not forced to comply with password aging
and password construction requirements.
Any user may use the -d option to display password attributes for his or her own login name. The format
of the display will be:
username status mm/dd/yy min max warn
or, if password aging information is not present,
username status
where
username The login ID of the user.
status The password status of username: "PS" stands for password exists or locked, "LK" stands for
locked, and "NP" stands for no password.
Section 1−−636 Hewlett-Packard Company − 1 − HP-UX 11i Version 1: September 2005