hpux 10.20 - passwd (1)
NAME
passwd - change login password
SYNOPSIS
passwd [-F file] [name]
passwd [-f] [-n min] [-x max] [-w warn] name
DESCRIPTION
The passwd command installs or changes the password associated with
the login name. If name is omitted, it defaults to the invoking
user's login name. passwd uses getlogin(3C) to determine the invoking
user's name.
The default password file is /etc/passwd. You can use the -F option
to choose an alternate password file. You must have read and write
permission for the alternate file.
Ordinary users can change only the password corresponding to their own
login name. If there is an old password, passwd prompts for it. Then
it prompts for the new password twice. The first time the new
password is entered, passwd checks to see if the old password has
"aged" sufficiently. If "aging" is insufficient, the new password is
rejected and passwd terminates; see passwd(4).
Assuming "aging" is sufficient, a check is made to ensure that the new
password meets construction requirements. When the new password is
entered a second time, the two copies of the new password are
compared. If the two copies differ, passwd repeats the cycle of
prompting for the new password, at most twice.
Passwords must be constructed to meet the following requirements:
+ A password must have at least six characters. Only the first
eight characters are significant in an untrusted system.
+ Characters must be from the 7-bit USASCII character set;
letters from the English alphabet.
+ A password must contain at least two uppercase and/or
lowercase letters and at least one numeric or special
character.
+ A password must differ from the user's login name and any
reverse or circular shift of that login name. For comparison
purposes, an uppercase letter and its corresponding lowercase
equivalent are treated as identical.
+ A new password must differ from the old one by at least three
characters (one character in a trusted system). For
comparison purposes, an uppercase letter and its corresponding
lowercase equivalent are treated as identical.
A superuser is a user whose effective user ID is zero; see id(1), and
su(1). Superusers can change any password and are not forced to
comply with password aging. In an untrusted system superusers are not
forced to comply with password construction requirements, and passwd
does not prompt a superuser for the old password. A superuser can
create a null password by entering a carriage return in response to
the prompt for a new password.
A superuser can also modify password aging characteristics associated
with the user name using the following options:
-f This option forces the user to enter a new password on the
next login.
-n min This option determines the minimum number of days, min, that
must transpire before the user can change the password.
-w warn This option specifies the number of days, warn, prior to the
password expiring when the user will be notified that the
password needs to be changed. This option is only enabled
when your system has been converted to a trusted, secure
system. Refer to the HP-UX System Administration Tasks
Manual on how to convert your HP-UX to a trusted, secure
system.
-x max This option determines the maximum number of days, max, a
password can remain unchanged. The user must enter another
password after that number of days has transpired, known as
the password expiration time .
The min and max arguments are each represented in units of days.
These arguments will be rounded up to the nearest week on a non-
trusted HP-UX system. If your system is then converted to a trusted
system, the number of days will be based on those weeks. If you only
supply one of the two arguments, passwd checks to see if the other one
already exists. If it does not exist, then it defaults it to zero for
you.
NETWORKING FEATURES
passwd can use the HP-UX Integrated Login Library, if configured. For
a complete description of using and administering HP-UX Integrated
Login, see auth(5) and auth.admin(1M).
HP-UX Integrated Login typically uses the Distributed Computing
Environment (DCE) for its user registry. For a complete description
of the DCE user registry and its relationship with HP-UX Integrated
Login, see auth.dce(5).
SECURITY FEATURES
This section applies only to a trusted system. It describes additional
capabilities and restrictions.
Additional restrictions which apply to superusers include: prompted
for supersuer passwords, null passwords must have been allowed
explicitly, all other password construction requirements, and prompted
for "user number", if it exists.
When you use passwd on a trusted system, the system prompts for the
existing password (if any), and begins a password solicitation dialog
that depends on the type of password generation the system
administrator has enabled on your account. There are four possible
options for password generation:
+ random syllables: A pronounceable password made up of
meaningless syllables.
+ random characters: An unpronounceable password made up of
random characters from the character
set.
+ random letters: An unpronounceable password made up of
random letters from the alphabet.
+ user-supplied: A user-supplied password, subject to
length and triviality restrictions.
Passwords can be longer than eight characters. The system
administrator specifies a maximum password length guideline for the 3
system generated options. The minimum password length depends on
several parameters that the system administrator sets in the
authentication databases. The system warns you if you choose a
password that is too short or too long.
The system requires a minimum time to elapse before you can change a
password. This prevents you from reusing an old password too soon.
A password expires after a period of time known as the expiration
time. The system warns you when the expiration time is drawing near.
A password dies after a period of time known as the password lifetime.
After the lifetime passes, the account is locked until the system
administrator re-enables it. After unlocking, you must change your
password again before you can use your account.
The system administrator can individually enable accounts with no
passwords. If your account can be run without a password, and if you
are allowed to pick your password, you can type carriage-return at the
New password: prompt.
You can change your own password if the system administrator has
enabled any of the password generation options for your account.
EXAMPLES
Change the password expiration date of user to 42 days:
passwd -x 42 user
Change the minimum time between password changes of user1 to 7 days:
passwd -n 7 user1
Force user2 to establish a new password on the next login that will
expire in 70 days and prohibit the user from changing the password
until 7 days have transpired:
passwd -f -x 70 -n 7 user2
EXTERNAL INFLUENCES
International Code Set Support
Characters from single-byte character code sets are supported in
passwords.
FILES
/etc/passwd Standard password file used by HP-UX.
/tcb/files/auth/*/* Protected password database used when
system is converted to trusted system.
SEE ALSO
auth(5), auth.adm(1M), auth.dce(5), chfn(1), id(1), login(1), su(1),
crypt(3C), getlogin(3C), passwd(4).
STANDARDS CONFORMANCE
passwd: SVID2, SVID3, XPG2