HP-UX Reference (11i v3 07/02) - 1 User Commands N-Z (vol 2)
p
passwd(1) passwd(1)
The format of the display will be:
name status mm/dd/yy min max warn
or, if password aging information is not present
name status
where status means: PS =passworded ; LK =locked
; and NP =no password.
-a Display some password attributes for all users in the password file. The
-a option must be
used in conjunction with the
-s option, with no name specified. For
files, this is res-
tricted to superuser. For a more complete display of attributes use the
logins -x com-
mand.
Privileged User Options
A superuser can modify characteristics associated with the user name using the following options:
-d Allow user to login without a password by deleting it. This option unlocks/activates the
user account if found locked/deactivated.
-f Force user to change password upon next login by expiring the current password.
-h Modify the default home directory in the password file.
-l Lock user account. This option replaces the encrypted password with *.
-n min Determine the minimum number of days, min, that must transpire before the user can
change the password. If the -f option was used in a previous invocation of passwd to
immediately expire a password, the effect of the
-f option is cancelled. The effect of the
-f option is not cancelled if the -x option and -f option are specified on the same com-
mand line or if the system has been converted to a trusted system.
-w warn Specify the number of days, warn, prior to the password expiring when the user will be
notified that the password needs to be changed. This option is not allowed for systems that
are not using shadow passwords.
-x max Determine the maximum number of days, max, a password can remain unchanged. The
user must enter another password after that number of days has transpired, known as the
password expiration time. If the -f option was used in a previous invocation of passwd
to
immediately expire a password, the effect of the
-f option is cancelled, and the password
will not expire until max days. The effect of the -f option is not cancelled if the
-x option
and the
-f option are specified on the same command line or if the system has been con-
verted to a trusted system.
The min and max arguments are each represented in units of days. These arguments will be rounded up to
the nearest week on a standard HP-UX system. If the system is then converted to a trusted system, the
number of days will be based on those weeks. If only one of the two arguments is supplied, and the other
argument does not exist, then the number of days is set to zero.
Password Aging
The following description applies to all repositories except nis, which does not support password aging.
The system requires a minimum time to elapse before a password can be changed. This prevents reuse of
an old password within too brief a period of time. System warnings are displayed as the expiration time
approaches.
A password is no longer usable after a time period known as the password lifetime. After the lifetime
passes, the account is locked until it is re-enabled by a system administrator. Once unlocked, the user is
forced to change the password before using the account.
The -n min and -x max arguments are each represented in units of days. These arguments are
rounded up to the nearest week on a standard system. If only one of the two arguments is supplied and the
other argument does not exist, then the number of days is set to zero.
Default values may be set in the /etc/default/security file for the -n min
, -x max, and -w
warn
options. See security(4). The attributes to select password aging defaults are:
PASSWORD_MINDAYS
PASSWORD_MAXDAYS
HP-UX 11i Version 3: February 2007 − 2 − Hewlett-Packard Company 89