Annotation of src/usr.bin/passwd/passwd.1, Revision 1.45
1.45 ! danj 1: .\" $OpenBSD: passwd.1,v 1.44 2015/11/26 19:01:47 deraadt Exp $
1.9 aaron 2: .\"
1.1 deraadt 3: .\" Copyright (c) 1990 The Regents of the University of California.
4: .\" All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
1.24 millert 14: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 15: .\" may be used to endorse or promote products derived from this software
16: .\" without specific prior written permission.
17: .\"
18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28: .\" SUCH DAMAGE.
29: .\"
30: .\" from: @(#)passwd.1 6.11 (Berkeley) 7/24/91
31: .\"
1.45 ! danj 32: .Dd $Mdocdate: November 26 2015 $
1.1 deraadt 33: .Dt PASSWD 1
1.8 aaron 34: .Os
1.1 deraadt 35: .Sh NAME
36: .Nm passwd
37: .Nd modify a user's password
38: .Sh SYNOPSIS
39: .Nm passwd
40: .Op Ar user
41: .Sh DESCRIPTION
1.13 aaron 42: .Nm
1.44 deraadt 43: changes the user's password.
1.42 millert 44: If no
45: .Ar user
46: is specified, the user's login name is used (see
47: .Xr logname 1 ) .
1.9 aaron 48: First, the user is prompted for their current password.
1.13 aaron 49: If the current password is correctly typed, a new password is requested.
1.1 deraadt 50: The new password must be entered twice to avoid typing errors.
51: .Pp
52: The new password should be at least six characters long and not
53: purely alphabetic.
54: Its total length must be less than
55: .Dv _PASSWORD_LEN
56: (currently 128 characters).
1.13 aaron 57: A mixture of both lower and uppercase letters, numbers, and
58: meta-characters is encouraged.
1.12 provos 59: .Pp
1.18 millert 60: The quality of the password can be enforced by specifying an external
61: checking program via the
62: .Dq passwordcheck
63: variable in
64: .Xr login.conf 5 .
1.1 deraadt 65: .Pp
1.11 aaron 66: The superuser is not required to provide a user's current password
1.1 deraadt 67: if only the local password is modified.
1.4 provos 68: .Pp
1.41 tedu 69: Password encryption parameters depend on the configuration of the
70: .Dq localcipher
71: capability in
1.18 millert 72: .Xr login.conf 5 .
1.45 ! danj 73: If none is specified then blowfish is used, with the number of
! 74: rounds selected based on system performance.
1.25 jmc 75: .Sh FILES
76: .Bl -tag -width /etc/master.passwd -compact
1.43 sobrado 77: .It Pa /etc/login.conf
1.25 jmc 78: configuration options
79: .It Pa /etc/master.passwd
80: user database
81: .It Pa /etc/passwd
1.34 jmc 82: user database, with confidential information removed
1.25 jmc 83: .It Pa /etc/passwd.XXXXXX
84: temporary copy of the password file
1.43 sobrado 85: .It Pa /etc/ptmp
1.25 jmc 86: lock file for the passwd database
87: .El
1.13 aaron 88: .Sh DIAGNOSTICS
89: .Bl -diag
1.35 schwarze 90: .It "Attempting to lock password file, please wait or press ^C to abort"
1.20 millert 91: .Pp
92: The password file is currently locked by another process;
93: .Nm
94: will keep trying to lock the password file until it succeeds or
1.23 deraadt 95: you hit the interrupt character (control-C by default).
1.20 millert 96: If
97: .Nm
1.35 schwarze 98: is interrupted while trying to gain the lock the password change will
1.20 millert 99: be lost.
100: .Pp
101: If the process holding the lock was prematurely terminated the lock
102: file may be stale and
103: .Nm
104: will wait forever trying to lock the password file.
105: To determine whether a live process is actually holding the lock, the
1.18 millert 106: admin may run the following:
107: .Bd -literal -offset indent
1.22 mpech 108: $ fstat /etc/ptmp
1.18 millert 109: .Ed
110: .Pp
111: If no process is listed, it is safe to remove the
1.13 aaron 112: .Pa /etc/ptmp
1.20 millert 113: file to clear the error.
1.1 deraadt 114: .El
115: .Sh SEE ALSO
116: .Xr chpass 1 ,
1.36 tedu 117: .Xr encrypt 1 ,
1.42 millert 118: .Xr logname 1 ,
1.18 millert 119: .Xr login.conf 5 ,
1.1 deraadt 120: .Xr passwd 5 ,
121: .Xr pwd_mkdb 8 ,
122: .Xr vipw 8
123: .Rs
1.16 deraadt 124: .%A Robert Morris
125: .%A Ken Thompson
1.37 schwarze 126: .%T Password security: a case history
127: .%J Communications of the ACM
128: .%V Volume 22
129: .%N Issue 11
130: .%D Nov. 1979
131: .%P 594\(en597
1.1 deraadt 132: .Re
133: .Sh HISTORY
134: A
1.13 aaron 135: .Nm
1.1 deraadt 136: command appeared in
1.21 mickey 137: .At v3 .