Annotation of src/usr.bin/passwd/passwd.1, Revision 1.18
1.18 ! millert 1: .\" $OpenBSD: passwd.1,v 1.17 2001/06/26 20:22:52 hin Exp $
1.9 aaron 2: .\"
1.1 deraadt 3: .\" Copyright (c) 1990 The Regents of the University of California.
4: .\" All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
14: .\" 3. All advertising materials mentioning features or use of this software
15: .\" must display the following acknowledgement:
16: .\" This product includes software developed by the University of
17: .\" California, Berkeley and its contributors.
18: .\" 4. Neither the name of the University nor the names of its contributors
19: .\" may be used to endorse or promote products derived from this software
20: .\" without specific prior written permission.
21: .\"
22: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32: .\" SUCH DAMAGE.
33: .\"
34: .\" from: @(#)passwd.1 6.11 (Berkeley) 7/24/91
35: .\"
36: .Dd July 24, 1991
37: .Dt PASSWD 1
1.8 aaron 38: .Os
1.1 deraadt 39: .Sh NAME
40: .Nm passwd
41: .Nd modify a user's password
42: .Sh SYNOPSIS
43: .Nm passwd
44: .Op Fl l
1.5 art 45: .Op Fl y
1.1 deraadt 46: .Op Fl k
1.17 hin 47: .Op Fl K
1.5 art 48: .Op Fl n Ar name
49: .Op Fl i Ar instance
50: .Op Fl r Ar realm
51: .Op Fl u Ar username[.instance][@realm]
1.1 deraadt 52: .Op Ar user
1.5 art 53: .\" This should really be: passwd [-l] [-y] [-k [-n name] [-i instance] [-r realm] [-u username[.instance][@realm]]] [user]
1.1 deraadt 54: .Sh DESCRIPTION
1.13 aaron 55: .Nm
1.17 hin 56: changes the user's local, KerberosIV, KerberosV, or YP password.
1.9 aaron 57: First, the user is prompted for their current password.
1.13 aaron 58: If the current password is correctly typed, a new password is requested.
1.1 deraadt 59: The new password must be entered twice to avoid typing errors.
60: .Pp
61: The new password should be at least six characters long and not
62: purely alphabetic.
63: Its total length must be less than
64: .Dv _PASSWORD_LEN
65: (currently 128 characters).
1.13 aaron 66: A mixture of both lower and uppercase letters, numbers, and
67: meta-characters is encouraged.
1.12 provos 68: .Pp
1.18 ! millert 69: The quality of the password can be enforced by specifying an external
! 70: checking program via the
! 71: .Dq passwordcheck
! 72: variable in
! 73: .Xr login.conf 5 .
1.9 aaron 74: .Pp
75: The options are as follows:
1.14 aaron 76: .Bl -tag -width Ds
1.1 deraadt 77: .It Fl l
1.13 aaron 78: Causes the password to be updated only in the local password file.
1.9 aaron 79: When changing only the local password,
80: .Xr pwd_mkdb 8
1.1 deraadt 81: is used to update the password databases.
1.6 art 82: .It Fl y
1.7 aaron 83: Forces the YP password database entry to be changed, even if
1.9 aaron 84: the user has an entry in the local database.
85: The
1.6 art 86: .Xr rpc.yppasswdd 8
87: daemon should be running on the YP master server.
1.1 deraadt 88: .It Fl k
1.17 hin 89: Forces the change to affect the KerberosIV database, even
1.1 deraadt 90: if the user has a password in the local database.
91: Once the password has been verified,
1.13 aaron 92: .Nm
1.17 hin 93: communicates the new password information to the KerberosIV authenticating host.
1.6 art 94: .El
95: .Pp
1.8 aaron 96: The following flags are only used when the
1.6 art 97: .Fl k
1.7 aaron 98: flag is specified:
1.6 art 99: .Bl -tag -width flag
1.7 aaron 100: .It Fl n Ar name
1.8 aaron 101: Specifies a
1.7 aaron 102: .Ar name
1.9 aaron 103: that will be used as the principal name rather than the username
1.6 art 104: of the user running
1.7 aaron 105: .Nm passwd .
1.9 aaron 106: (This is determined from the ticket file if it exists; otherwise,
1.7 aaron 107: it is determined from the Unix user ID.)
108: .It Fl i Ar instance
1.8 aaron 109: Specifies an
110: .Ar instance
1.6 art 111: to use rather than a null instance.
1.7 aaron 112: .It Fl r Ar realm
113: Specifies a
114: .Ar realm
1.6 art 115: instead of the local realm.
1.7 aaron 116: .It Fl u Ar username[.instance][@realm]
1.17 hin 117: Specifies a fully qualified KerberosIV principal.
118: .It Fl K Ar principal@REALM
119: Changes a users KerberosV password.
1.1 deraadt 120: .El
121: .Pp
122: This is the behavior if no flags are specified:
1.17 hin 123: if KerberosIV is active then
1.13 aaron 124: .Nm
1.17 hin 125: will talk to the KerberosIV server (even if the user has an entry
1.7 aaron 126: in the local database).
1.1 deraadt 127: If the password is not in the local password database, then
128: an attempt is made to use the YP database.
129: .Pp
1.17 hin 130: To change another user's KerberosIV password, one must first run
1.1 deraadt 131: .Xr kinit 1
132: followed by
133: .Xr passwd 1 .
1.11 aaron 134: The superuser is not required to provide a user's current password
1.1 deraadt 135: if only the local password is modified.
1.4 provos 136: .Pp
137: Which type of cipher is used to encrypt the password information
138: depends on the configuration in
1.18 ! millert 139: .Xr login.conf 5 .
! 140: It can be different for local
! 141: .Po Do localcipher Dc Pc
! 142: and YP
! 143: .Po Do ypcipher Dc Pc
! 144: passwords.
1.13 aaron 145: .Sh DIAGNOSTICS
146: .Bl -diag
1.18 ! millert 147: .It "The passwd file is busy..."
1.13 aaron 148: The password file is currently locked by another process, or a
149: process previously holding the lock was prematurely terminated.
1.18 ! millert 150: To determine whether another process is holding the lock, the
! 151: admin may run the following:
! 152: .Bd -literal -offset indent
! 153: fstat /etc/ptmp
! 154: .Ed
! 155: .Pp
! 156: If no process is listed, it is safe to remove the
1.13 aaron 157: .Pa /etc/ptmp
158: file to get rid of this error.
1.1 deraadt 159: .Sh FILES
160: .Bl -tag -width /etc/master.passwd -compact
1.18 ! millert 161: .It /etc/login.conf
! 162: configuration options
1.1 deraadt 163: .It Pa /etc/master.passwd
1.7 aaron 164: user database
1.8 aaron 165: .It Pa /etc/passwd
1.7 aaron 166: a Version 7 format password file
1.1 deraadt 167: .It Pa /etc/passwd.XXXXXX
1.7 aaron 168: temporary copy of the password file
1.13 aaron 169: .It /etc/ptmp
170: lock file for the passwd database
1.1 deraadt 171: .El
172: .Sh SEE ALSO
173: .Xr chpass 1 ,
174: .Xr kerberos 1 ,
175: .Xr kinit 1 ,
176: .Xr login 1 ,
1.18 ! millert 177: .Xr login.conf 5 ,
1.1 deraadt 178: .Xr passwd 5 ,
179: .Xr pwd_mkdb 8 ,
180: .Xr vipw 8
181: .Rs
1.16 deraadt 182: .%A Robert Morris
183: .%A Ken Thompson
1.1 deraadt 184: .%T "UNIX password security"
185: .Re
186: .Sh HISTORY
187: A
1.13 aaron 188: .Nm
1.1 deraadt 189: command appeared in
190: .At v6 .
![[BACK]](/icons/back.gif){kind=icon}
Return to passwd.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / passwd