Annotation of src/usr.bin/passwd/passwd.1, Revision 1.7
1.7 ! aaron 1: .\" $OpenBSD: passwd.1,v 1.6 1998/01/20 19:51:58 art Exp $
1.1 deraadt 2: .\" Copyright (c) 1990 The Regents of the University of California.
3: .\" All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\" 3. All advertising materials mentioning features or use of this software
14: .\" must display the following acknowledgement:
15: .\" This product includes software developed by the University of
16: .\" California, Berkeley and its contributors.
17: .\" 4. Neither the name of the University nor the names of its contributors
18: .\" may be used to endorse or promote products derived from this software
19: .\" without specific prior written permission.
20: .\"
21: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: .\" SUCH DAMAGE.
32: .\"
33: .\" from: @(#)passwd.1 6.11 (Berkeley) 7/24/91
34: .\"
35: .Dd July 24, 1991
36: .Dt PASSWD 1
37: .Os BSD 4
38: .Sh NAME
39: .Nm passwd
40: .Nd modify a user's password
41: .Sh SYNOPSIS
42: .Nm passwd
43: .Op Fl l
1.5 art 44: .Op Fl y
1.1 deraadt 45: .Op Fl k
1.5 art 46: .Op Fl n Ar name
47: .Op Fl i Ar instance
48: .Op Fl r Ar realm
49: .Op Fl u Ar username[.instance][@realm]
1.1 deraadt 50: .Op Ar user
1.5 art 51: .\" This should really be: passwd [-l] [-y] [-k [-n name] [-i instance] [-r realm] [-u username[.instance][@realm]]] [user]
1.1 deraadt 52: .Sh DESCRIPTION
1.7 ! aaron 53: .Nm passwd
1.1 deraadt 54: changes the user's local, Kerberos, or YP password. First, the user is prompted
55: for their current password.
56: If the current password is correctly typed, a new password is
57: requested.
58: The new password must be entered twice to avoid typing errors.
59: .Pp
60: The new password should be at least six characters long and not
61: purely alphabetic.
62: Its total length must be less than
63: .Dv _PASSWORD_LEN
64: (currently 128 characters).
1.7 ! aaron 65: Numbers, upper case letters and meta-characters
1.1 deraadt 66: are encouraged.
67: .Bl -tag -width flag
68: .It Fl l
1.7 ! aaron 69: Causes the password to be updated only in the local
1.1 deraadt 70: password file. When changing only the local password,
71: .Xr pwd_mkdb 8
72: is used to update the password databases.
1.6 art 73: .It Fl y
1.7 ! aaron 74: Forces the YP password database entry to be changed, even if
1.6 art 75: the user has an entry in the local database. The
76: .Xr rpc.yppasswdd 8
77: daemon should be running on the YP master server.
1.1 deraadt 78: .It Fl k
1.7 ! aaron 79: Forces the change to affect the Kerberos database, even
1.1 deraadt 80: if the user has a password in the local database.
81: Once the password has been verified,
82: .Nm passwd
83: communicates the new password information to
84: the Kerberos authenticating host.
1.6 art 85: .El
86: .Pp
87: The following flags are only used when the
88: .Fl k
1.7 ! aaron 89: flag is specified:
1.6 art 90: .Bl -tag -width flag
1.7 ! aaron 91: .It Fl n Ar name
! 92: Specifies a
! 93: .Ar name
1.6 art 94: that will be used as the principal name rather than the username
95: of the user running
1.7 ! aaron 96: .Nm passwd .
1.6 art 97: (This is determined from the ticket file if it exists; otherwise,
1.7 ! aaron 98: it is determined from the Unix user ID.)
! 99: .It Fl i Ar instance
! 100: Specifies an
! 101: .Ar instance
1.6 art 102: to use rather than a null instance.
1.7 ! aaron 103: .It Fl r Ar realm
! 104: Specifies a
! 105: .Ar realm
1.6 art 106: instead of the local realm.
1.7 ! aaron 107: .It Fl u Ar username[.instance][@realm]
! 108: Specifies a fully qualified kerberos principal.
1.1 deraadt 109: .El
110: .Pp
111: This is the behavior if no flags are specified:
112: if Kerberos is active then
113: .Nm passwd
114: will talk to the Kerberos server (even if the user has an entry
1.7 ! aaron 115: in the local database).
1.1 deraadt 116: If the password is not in the local password database, then
117: an attempt is made to use the YP database.
118: .Pp
119: To change another user's Kerberos password, one must first
120: run
121: .Xr kinit 1
122: followed by
123: .Xr passwd 1 .
124: The super-user is not required to provide a user's current password
125: if only the local password is modified.
1.4 provos 126: .Pp
127: Which type of cipher is used to encrypt the password information
128: depends on the configuration in
129: .Xr passwd.conf 5 .
130: It can be different for local and YP passwords.
1.1 deraadt 131: .Sh FILES
132: .Bl -tag -width /etc/master.passwd -compact
133: .It Pa /etc/master.passwd
1.7 ! aaron 134: user database
1.1 deraadt 135: .It Pa /etc/passwd
1.7 ! aaron 136: a Version 7 format password file
1.1 deraadt 137: .It Pa /etc/passwd.XXXXXX
1.7 ! aaron 138: temporary copy of the password file
1.4 provos 139: .It /etc/passwd.conf
1.7 ! aaron 140: configuration options
1.1 deraadt 141: .El
142: .Sh SEE ALSO
143: .Xr chpass 1 ,
144: .Xr kerberos 1 ,
145: .Xr kinit 1 ,
146: .Xr login 1 ,
147: .Xr passwd 5 ,
1.4 provos 148: .Xr passwd.conf 5 ,
1.1 deraadt 149: .Xr kpasswdd 8 ,
150: .Xr pwd_mkdb 8 ,
151: .Xr vipw 8
152: .Rs
153: .%A Robert Morris
154: .%A Ken Thompson
155: .%T "UNIX password security"
156: .Re
157: .Sh HISTORY
158: A
159: .Nm passwd
160: command appeared in
161: .At v6 .
![[BACK]](/icons/back.gif){kind=icon}
Return to passwd.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / passwd