Annotation of src/usr.bin/passwd/passwd.1, Revision 1.5
1.5 ! art 1: .\" $OpenBSD: passwd.1,v 1.4 1997/02/25 18:19:35 provos Exp $
1.1 deraadt 2: .\" Copyright (c) 1990 The Regents of the University of California.
3: .\" All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\" 3. All advertising materials mentioning features or use of this software
14: .\" must display the following acknowledgement:
15: .\" This product includes software developed by the University of
16: .\" California, Berkeley and its contributors.
17: .\" 4. Neither the name of the University nor the names of its contributors
18: .\" may be used to endorse or promote products derived from this software
19: .\" without specific prior written permission.
20: .\"
21: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: .\" SUCH DAMAGE.
32: .\"
33: .\" from: @(#)passwd.1 6.11 (Berkeley) 7/24/91
34: .\"
35: .Dd July 24, 1991
36: .Dt PASSWD 1
37: .Os BSD 4
38: .Sh NAME
39: .Nm passwd
40: .Nd modify a user's password
41: .Sh SYNOPSIS
42: .Nm passwd
43: .Op Fl l
1.5 ! art 44: .Op Fl y
1.1 deraadt 45: .Op Fl k
1.5 ! art 46: .Op Fl n Ar name
! 47: .Op Fl i Ar instance
! 48: .Op Fl r Ar realm
! 49: .Op Fl u Ar username[.instance][@realm]
1.1 deraadt 50: .Op Ar user
1.5 ! art 51: .\" This should really be: passwd [-l] [-y] [-k [-n name] [-i instance] [-r realm] [-u username[.instance][@realm]]] [user]
1.1 deraadt 52: .Sh DESCRIPTION
53: .Nm Passwd
54: changes the user's local, Kerberos, or YP password. First, the user is prompted
55: for their current password.
56: If the current password is correctly typed, a new password is
57: requested.
58: The new password must be entered twice to avoid typing errors.
59: .Pp
60: The new password should be at least six characters long and not
61: purely alphabetic.
62: Its total length must be less than
63: .Dv _PASSWORD_LEN
64: (currently 128 characters).
65: Numbers, upper case letters and meta characters
66: are encouraged.
67: .Bl -tag -width flag
68: .It Fl l
69: This option causes the password to be updated only in the local
70: password file. When changing only the local password,
71: .Xr pwd_mkdb 8
72: is used to update the password databases.
73: .It Fl k
74: This option forces the change to affect the Kerberos database, even
75: if the user has a password in the local database.
76: Once the password has been verified,
77: .Nm passwd
78: communicates the new password information to
79: the Kerberos authenticating host.
80: .It Fl y
81: This forces the YP password database entry to be changed, even if
82: the user has an entry in the local database. The
83: .Xr rpc.yppasswdd 8
84: daemon should be running on the YP master server.
85: .El
86: .Pp
87: This is the behavior if no flags are specified:
88: if Kerberos is active then
89: .Nm passwd
90: will talk to the Kerberos server (even if the user has an entry
91: in the local database.)
92: If the password is not in the local password database, then
93: an attempt is made to use the YP database.
94: .Pp
95: To change another user's Kerberos password, one must first
96: run
97: .Xr kinit 1
98: followed by
99: .Xr passwd 1 .
100: The super-user is not required to provide a user's current password
101: if only the local password is modified.
1.4 provos 102: .Pp
103: Which type of cipher is used to encrypt the password information
104: depends on the configuration in
105: .Xr passwd.conf 5 .
106: It can be different for local and YP passwords.
1.1 deraadt 107: .Sh FILES
108: .Bl -tag -width /etc/master.passwd -compact
109: .It Pa /etc/master.passwd
110: The user database
111: .It Pa /etc/passwd
112: A Version 7 format password file
113: .It Pa /etc/passwd.XXXXXX
114: Temporary copy of the password file
1.4 provos 115: .It /etc/passwd.conf
116: Configuration options
1.1 deraadt 117: .El
118: .Sh SEE ALSO
119: .Xr chpass 1 ,
120: .Xr kerberos 1 ,
121: .Xr kinit 1 ,
122: .Xr login 1 ,
123: .Xr passwd 5 ,
1.4 provos 124: .Xr passwd.conf 5 ,
1.1 deraadt 125: .Xr kpasswdd 8 ,
126: .Xr pwd_mkdb 8 ,
127: .Xr vipw 8
128: .Rs
129: .%A Robert Morris
130: .%A Ken Thompson
131: .%T "UNIX password security"
132: .Re
133: .Sh HISTORY
134: A
135: .Nm passwd
136: command appeared in
137: .At v6 .