HP-UX Reference (11i v2 07/12) - 1 User Commands N-Z (vol 2)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

121

122

123

124

125

126

127

128

129

130

passwd(1) passwd(1)

hpux.security.password, delete

Allows a user to use the -d option to delete the password of any non-root user.

hpux.security.password, display

Allows a user to use the -s option to display the password attributes for any user.

hpux.security.password, expire

Allows a user to use the -f

option to expire the password of any non-root user.

hpux.security.password, gecos

Allows a user to use the -g

option (or chfn) to modify the gecos information for any non-root user.

hpux.security.password, homedir

Allows a user to use the -h option to change the home directory for any non-root user.

hpux.security.password, lock

Allows a user to use the -l option to lock the account of any non-root user.

hpux.security.password, maxage

Allows a user to use the -x

option to specify the expiration time of a password for any non-root user.

hpux.security.password, minage

Allows a user to use the -n option to specify, for non-root users, the minimum number of days that

must transpire before a password can be changed.

hpux.security.password, shell

Allows a user to use the -e option (or chsh) to change the default shell for any non-root user.

hpux.security.password, warndate

Allows a user to use the -w option to specify, for non-root users, the number of days prior to a

password’s expiration that the user will be notiﬁed.

Smart Card Login

If the user account is conﬁgured to use a Smart Card, the user password is stored in the card. This pass-

word has characteristics identical to a normal password stored on the system.

The Smart Card must be inserted into the Smart Card reader. The user is prompted for a PIN instead of a

password during authentication.

Enter PIN:

The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is

not necessary to know the password, only the PIN.

If the system retrieves a valid old password from the card, a new password is requested (twice). If the new

password meets all requirements, the system automatically overwrites the old password stored on the card

with the new password.

Therefore, the new dialog resembles:

Enter PIN:

New password:

Re-enter new password:

A Smart Card account can be shared among users. If one user modiﬁes the password, other users must use

the scsync command to write the new password onto their cards.

The scpin command is used to change the Smart Card PIN.

SECURITY FEATURES

This section applies only to trusted systems. It describes additional capabilities and restrictions.

When passwd is invoked on a trusted system, the existing password is requested (if one is present). This

initiates the password solicitation dialog which depends upon the type of password generation (format pol-

icy) that has been enabled on the account doing the passwd command. There are four possible options for

password generation:

Random syllables A pronounceable password made up of meaningless syllables.

Random characters An unpronounceable password made up of random characters from the

character set.

HP-UX 11i Version 2: December 2007 Update − 4 − Hewlett-Packard Company 129