Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages

RedHat 9 (Linux i386) - man page for passwd (redhat section 1)

PASSWD(1)				  User utilities				PASSWD(1)

       passwd - update a user's authentication tokens(s)

       passwd  [-k] [-l] [-u [-f]] [-d] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays]
       [-S] [username]

       Passwd is used to update a user's authentication token(s).

       Passwd is configured to work through  the  Linux-PAM  API.   Essentially,  it  initializes
       itself  as  a  "passwd" service with Linux-PAM and utilizes configured password modules to
       authenticate and then update a user's password.

       A simple entry in the Linux-PAM configuration file for this service would be:

	# passwd service entry that does strength checking of
	# a proposed password before updating it.
	passwd password requisite \
		    /usr/lib/security/pam_cracklib.so retry=3
	passwd password required \
		    /usr/lib/security/pam_unix.so use_authtok

       Note, other module-types are not required for this application to function correctly.

       -k     The option, -k, is used to indicate that the update  should  only  be  for  expired
	      authentication tokens (passwords); the user wishes to keep their non-expired tokens
	      as before.

       -l     This option is used to lock the specified account and it is available to root only.
	      The locking is performed by rendering the encrypted password into an invalid string
	      (by prefixing the encrypted string with an !).

	      This option is used to indicate that passwd should read the new password from stan-
	      dard input, which can be a pipe.

       -u     This  is	the  reverse  of  the  -l option - it will unlock the account password by
	      removing the ! prefix. This option is available to root  only.  By  default  passwd
	      will  refuse  to	create a passwordless account (it will not unlock an account that
	      has only "!" as a password). The force option -f will override this protection.

       -d     This is a quick way to disable a password for an account. It  will  set  the  named
	      account passwordless. Available to root only.

       -n     This  will  set  the minimum password lifetime, in days, if the user's account sup-
	      ports password lifetimes.  Available to root only.

       -x     This will set the maximum password lifetime, in days, if the  user's  account  sup-
	      ports password lifetimes.  Available to root only.

       -w     This  will set the number of days in advance the user will begin receiving warnings
	      that her password will expire, if the user's account supports  password  lifetimes.
	      Available to root only.

       -i     This  will  set  the  number of days which will pass before an expired password for
	      this account will be taken to mean that the account is inactive and should be  dis-
	      abled, if the user's account supports password lifetimes.  Available to root only.

       -S     This  will  output a short information about the status of the password for a given
	      account. Available to root user only.

Remember the following two principles
       Protect your password.
	      Don't write down your password - memorize it.  In particular, don't write  it  down
	      and  leave  it  anywhere, and don't place it in an unencrypted file!  Use unrelated
	      passwords for systems controlled by different organizations.  Don't give	or  share
	      your  password,  in particular to someone claiming to be from computer support or a
	      vendor.  Don't let anyone watch you enter your password.	Don't enter your password
	      to  a computer you don't trust or if things Use the password for a limited time and
	      change it periodically.

       Choose a hard-to-guess password.
	      passwd will try to prevent you from choosing a really bad password,  but	it  isn't
	      foolproof;  create  your password wisely.  Don't use something you'd find in a dic-
	      tionary (in any language or jargon).  Don't use a name (including that of a spouse,
	      parent,  child,  pet, fantasy character, famous person, and location) or any varia-
	      tion of your personal or account name.  Don't use accessible information about  you
	      (such as your phone number, license plate, or social security number) or your envi-
	      ronment.	Don't use a birthday or a simple pattern (such as backwards, followed  by
	      a  digit,  or  preceded  by a digit. Instead, use a mixture of upper and lower case
	      letters, as well as digits or punctuation.  When choosing a new password, make sure
	      it's  unrelated  to  any	previous  password.  Use long passwords (say 8 characters
	      long).  You might use a word pair  with  punctuation  inserted,  a  passphrase  (an
	      understandable  sequence	of  words),  or  the  first  letter  of  each  word  in a

       These principles are partially enforced by the system, but only partly so.   Vigilence  on
       your part will make the system much more secure.

       On successful completion of its task, passwd will complete with exit code 0.  An exit code
       of 1 indicates an error occurred.  Textual  errors  are	written  to  the  standard  error

       Linux-PAM (Pluggable Authentication modules for Linux).
       Note, if your distribution of Linux-PAM conforms to the Linux Filesystem Standard, you may
       find the modules in /lib/security/ instead of  /usr/lib/security/,  as  indicated  in  the

       /etc/pam.d/passwd - the Linux-PAM configuration file

       None known.

       pam(8), and pam_chauthok(2).

       For more complete information on how to configure this application with Linux-PAM, see the
       Linux-PAM System Administrators' Guide at

       Cristian Gafton <gafton@redhat.com>

Red Hat Linux				   Jan 03 1998					PASSWD(1)

All times are GMT -4. The time now is 11:16 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password