Annotation of src/usr.bin/passwd/passwd.1, Revision 1.4
1.4 ! provos 1: .\" $OpenBSD: passwd.1,v 1.3 1996/06/26 05:37:47 deraadt Exp $
1.1 deraadt 2: .\" Copyright (c) 1990 The Regents of the University of California.
3: .\" All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\" 3. All advertising materials mentioning features or use of this software
14: .\" must display the following acknowledgement:
15: .\" This product includes software developed by the University of
16: .\" California, Berkeley and its contributors.
17: .\" 4. Neither the name of the University nor the names of its contributors
18: .\" may be used to endorse or promote products derived from this software
19: .\" without specific prior written permission.
20: .\"
21: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: .\" SUCH DAMAGE.
32: .\"
33: .\" from: @(#)passwd.1 6.11 (Berkeley) 7/24/91
34: .\"
35: .Dd July 24, 1991
36: .Dt PASSWD 1
37: .Os BSD 4
38: .Sh NAME
39: .Nm passwd
40: .Nd modify a user's password
41: .Sh SYNOPSIS
42: .Nm passwd
43: .Op Fl l
44: .Op Fl k
45: .Op Fl y
46: .Op Ar user
47: .Sh DESCRIPTION
48: .Nm Passwd
49: changes the user's local, Kerberos, or YP password. First, the user is prompted
50: for their current password.
51: If the current password is correctly typed, a new password is
52: requested.
53: The new password must be entered twice to avoid typing errors.
54: .Pp
55: The new password should be at least six characters long and not
56: purely alphabetic.
57: Its total length must be less than
58: .Dv _PASSWORD_LEN
59: (currently 128 characters).
60: Numbers, upper case letters and meta characters
61: are encouraged.
62: .Bl -tag -width flag
63: .It Fl l
64: This option causes the password to be updated only in the local
65: password file. When changing only the local password,
66: .Xr pwd_mkdb 8
67: is used to update the password databases.
68: .It Fl k
69: This option forces the change to affect the Kerberos database, even
70: if the user has a password in the local database.
71: Once the password has been verified,
72: .Nm passwd
73: communicates the new password information to
74: the Kerberos authenticating host.
75: .It Fl y
76: This forces the YP password database entry to be changed, even if
77: the user has an entry in the local database. The
78: .Xr rpc.yppasswdd 8
79: daemon should be running on the YP master server.
80: .El
81: .Pp
82: This is the behavior if no flags are specified:
83: if Kerberos is active then
84: .Nm passwd
85: will talk to the Kerberos server (even if the user has an entry
86: in the local database.)
87: If the password is not in the local password database, then
88: an attempt is made to use the YP database.
89: .Pp
90: To change another user's Kerberos password, one must first
91: run
92: .Xr kinit 1
93: followed by
94: .Xr passwd 1 .
95: The super-user is not required to provide a user's current password
96: if only the local password is modified.
1.4 ! provos 97: .Pp
! 98: Which type of cipher is used to encrypt the password information
! 99: depends on the configuration in
! 100: .Xr passwd.conf 5 .
! 101: It can be different for local and YP passwords.
1.1 deraadt 102: .Sh FILES
103: .Bl -tag -width /etc/master.passwd -compact
104: .It Pa /etc/master.passwd
105: The user database
106: .It Pa /etc/passwd
107: A Version 7 format password file
108: .It Pa /etc/passwd.XXXXXX
109: Temporary copy of the password file
1.4 ! provos 110: .It /etc/passwd.conf
! 111: Configuration options
1.1 deraadt 112: .El
113: .Sh SEE ALSO
114: .Xr chpass 1 ,
115: .Xr kerberos 1 ,
116: .Xr kinit 1 ,
117: .Xr login 1 ,
118: .Xr passwd 5 ,
1.4 ! provos 119: .Xr passwd.conf 5 ,
1.1 deraadt 120: .Xr kpasswdd 8 ,
121: .Xr pwd_mkdb 8 ,
122: .Xr vipw 8
123: .Rs
124: .%A Robert Morris
125: .%A Ken Thompson
126: .%T "UNIX password security"
127: .Re
128: .Sh HISTORY
129: A
130: .Nm passwd
131: command appeared in
132: .At v6 .