193 lines
6.0 KiB
Groff
193 lines
6.0 KiB
Groff
.\" $NetBSD: passwd.1,v 1.16 2000/09/21 11:13:06 ad Exp $
|
|
.\"
|
|
.\" Copyright (c) 1990, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" from: @(#)passwd.1 8.1 (Berkeley) 6/6/93
|
|
.\"
|
|
.Dd June 6, 1993
|
|
.Dt PASSWD 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm passwd ,
|
|
.Nm yppasswd ,
|
|
.Nm kpasswd
|
|
.Nd modify a user's password
|
|
.Sh SYNOPSIS
|
|
.Nm passwd
|
|
.Op Fl l
|
|
.Op Ar user
|
|
.Nm passwd
|
|
.Op Fl y
|
|
.Op Ar user
|
|
.Nm passwd
|
|
.Op Fl 4
|
|
.Op Fl k
|
|
.Op Fl i Ar instance
|
|
.Op Fl r Ar realm
|
|
.Op Fl u Ar fullname
|
|
.Op Ar user
|
|
.Nm passwd
|
|
.Op Fl 5
|
|
.Op Fl k
|
|
.Op Fl u Ar fullname
|
|
.Op Ar user
|
|
.Nm kpasswd
|
|
.Op Fl 4
|
|
.Op Fl k
|
|
.Op Fl i Ar instance
|
|
.Op Fl r Ar realm
|
|
.Op Fl u Ar fullname
|
|
.Op Ar user
|
|
.Nm kpasswd
|
|
.Op Fl 5
|
|
.Op Fl k
|
|
.Op Fl u Ar fullname
|
|
.Op Ar user
|
|
.Nm yppasswd
|
|
.Op Ar user
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
changes the user's local, YP, or kerberos password. First, the user is
|
|
prompted for their current password.
|
|
If the current password is correctly typed, a new password is
|
|
requested.
|
|
The new password must be entered twice to avoid typing errors.
|
|
.Pp
|
|
The new password should be at least six characters long and not
|
|
purely alphabetic.
|
|
Its total length must be less than
|
|
.Dv _PASSWORD_LEN
|
|
(currently 128 characters).
|
|
Numbers, upper case letters and meta characters
|
|
are encouraged.
|
|
.Pp
|
|
In the case of where the local password is being changed, and the existing
|
|
password (if any) has expired or is due to expire, the user will be forced
|
|
to set a different password than the one currently in use. The password is
|
|
considered due to expire if it will expire within
|
|
.Dv _PASSWORD_WARNDAYS
|
|
(currently 14 days) or the configured time from the user's login class.
|
|
.Pp
|
|
All options may not be available on all systems.
|
|
.Bl -tag -width flag
|
|
.It Fl l
|
|
This option causes the password to be updated only in the local
|
|
password file. When changing only the local password,
|
|
.Xr pwd_mkdb 8
|
|
is used to update the password databases.
|
|
.It Fl y
|
|
This forces the YP password database entry to be changed, even if
|
|
the user has an entry in the local database. The
|
|
.Xr rpc.yppasswdd 8
|
|
daemon should be running on the YP master server.
|
|
.Nm yppasswd
|
|
is the equivalent of
|
|
.Nm
|
|
with the
|
|
.Fl y
|
|
flag.
|
|
.It Fl 4
|
|
This option causes passwd to change the user's kerberos password,
|
|
using the kerberos 4 admin protocol.
|
|
.It Fl 5
|
|
This option causes passwd to change the user's kerberos password,
|
|
using the kerberos 5 admin protocol.
|
|
.It Fl k
|
|
This option causes passwd to change the user's kerberos password,
|
|
using either the kerberos 4 or kerberos 5 admin protocol.
|
|
If both kerberos 4 and kerberos 5 libraries and config files are
|
|
installed on the host, kerberos 5 will be used to change the password.
|
|
.Nm kpasswd
|
|
is the equivalent of
|
|
.Nm
|
|
with the
|
|
.Fl k
|
|
flag.
|
|
.It Fl i Ar instance
|
|
This option selects a non-default Kerberos 4 instance for the
|
|
Kerberos password to be changed.
|
|
.It Fl r Ar realm
|
|
This option selects a non-default Kerberos 4 realm for the Kerberos
|
|
password to be changed.
|
|
.It Fl u Ar fullname
|
|
This option specifies the entire principal.instance@realm (for Kerberos
|
|
4) or principal/instance@realm (for Kerberos 5) for the Kerberos
|
|
password to be changed.
|
|
.El
|
|
.Pp
|
|
This is the behavior if no flags are specified:
|
|
If Kerberos is active then
|
|
.Nm
|
|
will talk to the Kerberos server, attempting to use Kerberos 5, then
|
|
Kerberos 4 protocols to change the password (even if the user has an
|
|
entry in the local database.)
|
|
If Kerberos is unavailable, an attempt is made to use the YP database.
|
|
If the password is not in the YP database, then
|
|
an attempt is made to use the local password database.
|
|
.Pp
|
|
The super-user is not required to provide a user's current password if only
|
|
the local password is modified. If a local password has expired, the
|
|
super-user is not required to set a password that differs from the existing
|
|
one.
|
|
.Pp
|
|
The type of cipher used to encrypt the password depends on the configuration
|
|
in
|
|
.Xr passwd.conf 5 .
|
|
It can be different for local and YP passwords.
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/master.passwd -compact
|
|
.It Pa /etc/master.passwd
|
|
The user database
|
|
.It Pa /etc/passwd
|
|
A Version 7 format password file
|
|
.It Pa /etc/passwd.XXXXXX
|
|
Temporary copy of the password file
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr chpass 1 ,
|
|
.Xr login 1 ,
|
|
.Xr login.conf 5 ,
|
|
.Xr passwd 5 ,
|
|
.Xr passwd.conf 5 ,
|
|
.Xr pwd_mkdb 8 ,
|
|
.Xr vipw 8
|
|
.Rs
|
|
.%A Robert Morris
|
|
.%A Ken Thompson
|
|
.%T "UNIX password security"
|
|
.Re
|
|
.Sh HISTORY
|
|
A
|
|
.Nm
|
|
command appeared in
|
|
.At v6 .
|