passwd man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

passwd(1)							     passwd(1)

NAME
       passwd - change login password and associated attributes

SYNOPSIS
       [name]

       [name]

       [shell]] [name]

       [name]

       min] warn] max] name

       [shell]] [name]

       [shell]] [name]

DESCRIPTION
       The  command modifies the password as well as the attributes associated
       with the login name.  If name is omitted, it defaults to	 the  invoking
       user's login name, which is determined using See getuid(2).

       Ordinary	 users	can only change passwords corresponding to their login
       name.  If an old password has been established, it  is  requested  from
       the user.  If valid, a new password is obtained.	 Once the new password
       is entered, it is determined if the  old	 password  has	"aged"	suffi‐
       ciently.	  If  password	aging  is  not sufficient, the new password is
       rejected and terminates.	 See passwd(4).

       If password aging and construction requirements are met,	 the  password
       is  re-entered to ensure consistency.  If the new copy differs, repeats
       the new password prompting cycle, at most twice.

       A superuser, whose effective user ID is zero, (see id(1) and su(1)), is
       allowed	to  change any password and is not forced to comply with pass‐
       word aging.  On a trusted system, superusers are prompted for old pass‐
       words.	On  standard systems, superusers are not forced to comply with
       password construction requirements.  Refer also to the section of  this
       manpage.	  Null	passwords can be created by entering a carriage return
       in response to the prompt for a new password.

       For the	(local	system)	 repository,  if  no  file  exists,  then  the
       encrypted  password  is	stored	in  the	 password field of If the file
       exists, then the encrypted password is stored  there,  and  an  'x'  is
       added to the password field of

       The  DCE repository is only available if Integrated Login has been con‐
       figured.	 See auth.adm(1M).  If Integrated Login has  been  configured,
       other  considerations apply.  A user with appropriate DCE privileges is
       capable of modifying a user's password, shell, gecos or home  directory
       and this is not dependent upon superuser privileges.

       If  the	repository  is not specified, that is, [name], the password is
       changed in all existing repositories configured in If password  options
       are used, and no repository is specified, the default repository is

   Options
       The following options are recognized:

       Modify the default shell for the user's login
		      name  in	the  password  file.  If the shell is not pro‐
		      vided, the user will be prompted to  enter  the  default
		      login shell.

       The default password file is
		      The  option  can be used to choose an alternate password
		      file, where read and  write  permissions	are  required.
		      This option is only available when using the repository,
		      and it is not intended for trusted mode.

       Change the gecos information in the password file,
		      which is used by the command.  The user is prompted  for
		      each  subfield:  name,  location,	 work  phone, and home
		      phone.

       Specify the repository to which the operation is to be applied.
		      Supported repositories include and If repository is  not
		      specified, the default is

       Display some password attributes associated with the specified
		      name.  Superuser privilege is required if the repository
		      is specified.

		      The format of the display will be:

		      or, if password aging information is not present

		      where status means: and

       Display some password attributes for all users in the password file.
		      The option must be used in conjunction with the  option,
		      with no name specified.  For this is restricted to supe‐
		      ruser.  For a more complete display  of  attributes  use
		      the command.

   Privileged User Options
       A  superuser  can  modify characteristics associated with the user name
       using the following options:

       Allow user to login without a password by deleting it.
		      This option unlocks/activates the user account if	 found
		      locked/deactivated.

       Force user to change password upon next login by expiring
		      the current password.

       Modify the default home directory in the
		      password file.

       Lock user account.
		      This option replaces the encrypted password with *.

       Determine the minimum number of days,
		      min,  that must transpire before the user can change the
		      password.	 If the option was used in a previous  invoca‐
		      tion  of to immediately expire a password, the effect of
		      the option is cancelled.	The effect of  the  option  is
		      not  cancelled if the option and option are specified on
		      the same command line or if the  system  has  been  con‐
		      verted to a trusted system.

       Specify the number of days,
		      warn,  prior to the password expiring when the user will
		      be notified that the password needs to be changed.  This
		      option  is  not  allowed	for systems that are not using
		      shadow passwords.

       Determine the maximum number of days,
		      max, a password can remain  unchanged.   The  user  must
		      enter  another  password	after  that number of days has
		      transpired, known as the password If the option was used
		      in  a  previous  invocation  of  to immediately expire a
		      password, the effect of the option is cancelled, and the
		      password	will not expire until days.  The effect of the
		      option is not cancelled if the option and the option are
		      specified	 on the same command line or if the system has
		      been converted to a trusted system.

       The min and max arguments are each represented in units of days.	 These
       arguments  will	be  rounded up to the nearest week on a standard HP-UX
       system.	If the system is then converted to a trusted system, the  num‐
       ber of days will be based on those weeks.  If only one of the two argu‐
       ments is supplied, and the other argument does not exist, then the num‐
       ber of days is set to zero.

       If  patch  PHCO_36523  or  later	 is  installed, then for systems using
       shadow passwords the rounding of password aging arguments can  be  sup‐
       pressed by creating the file If this file exists, then the command does
       not round the and argument values to a multiple of a week.  The use  of
       this file is specific to this release; in a future release the behavior
       of the command will be changed to never round aging values for  systems
       that are using shadow passwords.

   Password Aging
       The following description applies to all repositories except nis, which
       does not support password aging.

       The system requires a minimum time to elapse before a password  can  be
       changed.	  This	prevents  reuse	 of an old password within too brief a
       period of time.	System warnings are displayed as the  expiration  time
       approaches.

       A  password  is no longer usable after a time period known as the pass‐
       word After the lifetime passes, the account is locked until it  is  re-
       enabled	by  a system administrator.  Once unlocked, the user is forced
       to change the password before using the account.

       The and arguments are each represented in units of days.	  These	 argu‐
       ments are rounded up to the nearest week on a standard system.  If only
       one of the two arguments is supplied and the other  argument  does  not
       exist, then the number of days is set to zero.

       Default	values	may be set in the file for the and options.  See secu‐
       rity(4).	 The attributes to select password aging defaults are:

   Password Construction Requirements
       Passwords must be constructed to meet the following requirements:

	 ·  On a standard system, only the first eight characters of  a	 pass‐
	    word are significant.

	 ·  The default minimum password length is six characters for non-root
	    users on a standard system and for all users on a trusted  system.
	    See	 the  description of the attribute in security(4) for informa‐
	    tion on how to change this restriction.

	 ·  Characters must be from the 7-bit US-ASCII character set;  letters
	    from the English alphabet.

	 ·  A  password	 must  contain	at  least two letters and at least one
	    numeric or special character.

	 ·  A password must differ from the user's login name and any  reverse
	    or circular shift of that login name.  For comparison purposes, an
	    uppercase letter and its corresponding  lowercase  equivalent  are
	    treated as identical.

	 ·  A  new  password  must  differ  from the old one by at least three
	    characters (one character for non super user  if  changed  by  the
	    super user in a trusted system).

   Repository Configuration
       The file specifies the repositories for which the password must be mod‐
       ified.  The following configurations are supported:

	      ·	 passwd: files

	      ·	 passwd: files nis

	      ·	 passwd: compat (--> files nis)

   Authorizations
       When the Role-Based Access  Control  Extensions	product	 (RBACExt)  is
       installed,  users with specific authorizations can be granted access to
       some of the options that normally require privileged user  access  when
       the files or NIS repositories are used.

       Refer  to rbac(5) for more information on the Role-Based Access Control
       product.	 The following is a list of the	 required  authorizations  for
       running with particular options:

       Allows a user to modify the password of any non-root user.

       Allows a user to use the
	   option to delete the password of any non-root user.

       Allows a user to use the
	   option to display the password attributes of any user.

       Allows a user to use the
	   option to expire the password of any non-root user.

       Allows a user to use the
	   option (or to modify the gecos information of any non-root user.

       Allows a user to use the
	   option to change the home directory of any non-root user.

       Allows a user to use the
	   option to lock the account of any non-root user.

       Allows a user to use the
	   option to specify the expiration time of a password of any non-root
	   user.

       Allows a user to use the
	   option to specify, for non-root users, the minimum number  of  days
	   that must transpire before a password can be changed.

       Allows a user to use the
	   option (or to change the default shell of any non-root user.

       Allows a user to use the
	   option  to specify, for non-root users, the number of days prior to
	   a password's expiration that the user will be notified.

   Smart Card Login
       If the user account is configured to use a Smart Card, the  user	 pass‐
       word  is stored in the card.  This password has characteristics identi‐
       cal to a normal password stored on the system.

       The Smart Card must be inserted into the Smart Card reader.   The  user
       is prompted for a PIN instead of a password during authentication.

       The  password  is  retrieved  automatically  from the Smart Card when a
       valid PIN is entered.  Therefore, it is not necessary to know the pass‐
       word, only the PIN.

       If the system retrieves a valid old password from the card, a new pass‐
       word is requested (twice).  If the new password meets all requirements,
       the system automatically overwrites the old password stored on the card
       with the new password.

       Therefore, the new dialog resembles:

       A Smart Card account can be shared among users.	If one	user  modifies
       the  password,  other users must use the command to write the new pass‐
       word onto their cards.

       The command is used to change the Smart Card PIN.

SECURITY FEATURES
       This section applies only to trusted systems.  It describes  additional
       capabilities and restrictions.

       When is invoked on a trusted system, the existing password is requested
       (if one is present).  This initiates the password  solicitation	dialog
       which depends upon the type of password generation (format policy) that
       has been enabled on the account doing the command.  There are four pos‐
       sible options for password generation:

	      Random syllables	       A  pronounceable	 password  made	 up of
				       meaningless syllables.

	      Random characters	       An unpronounceable password made up  of
				       random  characters  from	 the character
				       set.

	      Random letters	       An unpronounceable password made up  of
				       random letters from the alphabet.

	      User-supplied	       A  user-supplied	 password,  subject to
				       length and triviality restrictions.

       Passwords can be greater than eight characters, but it  is  recommended
       that they be less than 40 characters.  System warnings are displayed if
       passwords lengths are either too long or short.	The system administra‐
       tor can specify a maximum password length guideline for the system gen‐
       erated options (random syllables, random characters,  and  random  let‐
       ters).  The actual maximum password length depends upon several parame‐
       ters in the authentication database and in the algorithm.

       The system requires a to elapse before a password can be changed.  This
       prevents reuse of an old password within an undesirable period of time.

       A  password expires after a period of time known as the System warnings
       are displayed as expiration time approaches.

       A password dies after a time period known as  the  After	 the  lifetime
       passes, the account is locked until it is re-enabled by a system admin‐
       istrator.  Once unlocked, the user is forced  to	 change	 the  password
       before account use.

       The  system  administrator can enable accounts without passwords.  If a
       user account is allowed to function without a password,	the  user  can
       choose  a null password by typing a carriage-return when prompted for a
       new password.

       The system administrator can enable the	password  history  feature  to
       discourage  users from reusing previously used passwords.  Refer to the
       security(4)  manual  page  for  detailed	 information  on  configurable
       attributes that affect the behavior of this command.  The attribute for
       password history is:

EXTERNAL INFLUENCES
   International Code Set Support
       Characters from single-byte character code sets are supported in	 pass‐
       words.

EXAMPLES
       Change the password expiration date of to 42 days in the repository:

       Force  to  establish a new password on the next login which will expire
       in 70 days and prohibit the user from changing  the  password  until  7
       days have transpired:

DEPENDENCIES
   Pluggable Authentication Modules (PAM)
       PAM is an Open Group standard for user authentication, password modifi‐
       cation, and account validation.	In particular, is invoked  to  perform
       all  functions  related	to  This  includes establishing and changing a
       password, using options, and displaying error messages.

WARNINGS
       Avoid password characters which have special meaning to the tty driver,
       such  as	 #  (erase)  and  @ (kill).  You may not be able to login with
       these characters.

       Multiple superusers are allowed, but are strongly discouraged.  That is
       because	the  system often stores user ID rather than user name. Having
       unique IDs for all users will guarantee a  consistent  mapping  between
       user name and user ID.

       HP-UX  11i  Version  3  is  the last release to support trusted systems
       functionality.

FILES
       Standard password file used by HP-UX.
       Shadow password file.
       Protected password database used when system is	converted  to  trusted
       system.
       Repository Configuration.	  Security    defaults	 configuration
					  file.
       If patch PHCO_36523 or later is installed, do not round
					  password  aging  values  on  systems
					  using shadow passwords.

SEE ALSO
       chfn(1),	 id(1), login(1), su(1), logins(1M), pwconv(1M), auth.adm(1M),
       getuid(2),  crypt(3C),  passwd(4),  security(4),	 shadow(4),   auth(5),
       auth.dce(5), rbac(5).

   Pluggable Authentication Modules (PAM)
       pam(3), pam_chauthtok(3), pam.conf(4), pam_user.conf(4).

   HP-UX Smart Card Login
       scpin(1), scsync(1).

STANDARDS CONFORMANCE
       SVID2, SVID3, XPG2

								     passwd(1)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net