HP-UX Reference (11i v2 07/12) - 1 User Commands N-Z (vol 2)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

121

122

123

124

125

126

127

128

129

130

passwd(1) passwd(1)

NAME

passwd - change login password and associated attributes

SYNOPSIS

passwd [name]

passwd -r files [-F

ﬁle][name]

passwd -r files [-e [shell]] [

-gh][name]

passwd -r files -s [-a

]

passwd -r files -s [name]

passwd -r files [-d

-l][-f][-n min][-w warn][

-x max] name

passwd -r nis [-e

[shell]] [-gh][name]

passwd -r nisplus [-e [shell]] [

-gh][-D domain][name]

passwd -r nisplus -s [-a

]

passwd -r nisplus -s [-D domain][name]

passwd -r nisplus [-l][-f][-n min][

-w warn][-x max][-D domain] name

passwd -r dce [-e [shell]] [-gh][name]

DESCRIPTION

The

passwd command modiﬁes the password as well as the attributes associated with the login name.If

name is omitted, it defaults to the invoking user’s login name, which is determined using

getuid. See

getuid(2).

Ordinary users can only change passwords corresponding to their login name. If an old password has been

established, it is requested from the user. If valid, a new password is obtained. Once the new password is

entered, it is determined if the old password has "aged" sufﬁciently. If password aging is not sufﬁcient, the

new password is rejected and

passwd terminates. See passwd(4).

If password aging and construction requirements are met, the password is re-entered to ensure consistency.

If the new copy differs, passwd repeats the new password prompting cycle, at most twice.

A superuser, whose effective user ID is zero, (see id(1) and su(1)), is allowed to change any password and is

not forced to comply with password aging. Superusers are not prompted for old passwords, unless they are

attempting to change a superuser’s password in a trusted system. On untrusted systems, superusers are

not forced to comply with password construction requirements. Null passwords can be created by entering

a carriage return in response to the prompt for a new password.

For the

files (local system) repository, if no /etc/shadow ﬁle exists, then the encrypted password is

stored in the password ﬁeld of /etc/passwd . If the /etc/shadow ﬁle exists, then the encrypted pass-

word is stored there, and an ’x’ is added to the password ﬁeld of

/etc/passwd .

The DCE repository (

-r dce) is only available if Integrated Login has been conﬁgured. See

auth.adm(1M). If Integrated Login has been conﬁgured, other considerations apply. A user with appropri-

ate DCE privileges is capable of modifying a user’s password, shell, gecos or home directory and this is not

dependent upon superuser privileges.

If the repository is not speciﬁed, i.e. passwd [name], the password is changed in all existing repositories

conﬁgured in /etc/nsswitch.conf. If password options are used, and no repository is speciﬁed, the

default repository is files.

Options

The following options are recognized:

-D domain Use the passwd.org_dir in the speciﬁed domain. This option is for nisplus reposi-

tories only. If not speciﬁed, the default domain is returned.

-e shell Modify the default shell for the user’s login name in the password ﬁle. If the shell is not

provided, the user will be prompted to enter the default login shell.

-F name The default password ﬁle is /etc/passwd . The -F option can be used to choose an alter-

nate password ﬁle, where read and write permissions are required. This option is only

available using the files repository, and it is not intended for trusted mode.

126 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: December 2007 Update