passwd(1)

NAME
passwd - change login password and associated attributes
SYNOPSIS
[name]
[name]
[shell]] [name]
[name]
min] warn] max] name
[shell]] [name]
[shell]] [name]
DESCRIPTION
The passwd command modifies the password as well as the attributes associated
with the login name. If name is omitted, it defaults to the invoking
user's login name, which is determined from the real user ID (see getuid(2)).
Ordinary users can only change the password corresponding to their own login
name. If an old password has been established, it is requested from
the user. If it is valid, a new password is requested. Once the new password
is entered, passwd checks whether the old password has "aged" sufficiently.
If it has not, the new password is rejected and passwd terminates.
See passwd(4).
If the password aging and construction requirements are met, the password
must be re-entered to ensure consistency. If the second copy differs, passwd
repeats the new-password prompting cycle, at most twice.
A superuser, whose effective user ID is zero (see id(1) and su(1)), is
allowed to change any password and is not forced to comply with password
aging. On a trusted system, superusers are prompted for the old password.
On standard systems, superusers are not forced to comply with password
construction requirements. See also the SECURITY FEATURES section of this
manpage, which describes trusted-system behaviour. Null passwords can be
created by entering a carriage return in response to the prompt for a new
password; an account with a null password can then be logged into without
supplying any password.
For the local-system (files) repository, if no shadow password file exists,
the encrypted password is stored in the password field of the standard
password file. If the shadow password file exists, the encrypted password is
stored there, and an 'x' is placed in the password field of the standard
password file.
The DCE repository is only available if Integrated Login has been
configured. See auth.adm(1M). If Integrated Login has been configured,
other considerations apply: a user with appropriate DCE privileges can
modify a user's password, shell, gecos or home directory, and this does
not depend on superuser privileges.
If no repository is specified (the plain passwd [name] form), the password
is changed in every repository listed in the repository configuration file
(see the Repository Configuration section). If password options are used
and no repository is specified, the operation applies to the default
repository.
Options
The following options are recognized:
Modify the default shell for the user's login
name in the password file. If the shell is not pro‐
vided, the user will be prompted to enter the default
login shell.
The default password file is the standard password file listed under
FILES. This option selects an alternate password file, on which read and
write permission is required. It is only available with the files
repository, and it is not intended for trusted mode.
Change the gecos (user information) field in the password file; see
also chfn(1). The user is prompted for each subfield: name, location,
work phone, and home phone.
Specify the repository to which the operation is to be applied.
Supported repositories include files, nis and dce (the dce repository
requires Integrated Login; see auth.adm(1M)). If no repository is
specified, the default repository is used.
Display some password attributes associated with the specified
name. Superuser privilege is required if the repository is specified.
The display shows the name and a password status code, followed by the
password aging values when password aging information is present.
Display some password attributes for all users in the password file.
This option must be used in conjunction with the attribute-display option
above, with no name specified. Depending on the repository, this is
restricted to the superuser. For a more complete display of attributes use
the logins(1M) command.
Privileged User Options
A superuser can modify characteristics associated with the user name
using the following options:
Delete the user's password, allowing the user to log in without one.
If the account is locked or deactivated, this option also unlocks
(activates) it.
Force user to change password upon next login by expiring
the current password.
Modify the default home directory in the
password file.
Lock the user account.
This option replaces the encrypted password with *, a value that no
crypt(3C) output can ever match.
Set the minimum number of days,
min, that must elapse before the user can change the
password. If the force-expire option was used in a previous invocation
of passwd to immediately expire a password, setting min cancels that
expiration. The expiration is not cancelled if the force-expire option
and this option are given on the same command line, or if the system
has been converted to a trusted system.
Specify the number of days,
warn, before the password expires at which the user will
be notified that the password needs to be changed. This
option is only allowed on systems that are using shadow
passwords.
Set the maximum number of days,
max, a password can remain unchanged. After that number of days has
elapsed, the password has expired and the user must enter another
password. If the force-expire option was used in a previous invocation
of passwd to immediately expire a password, setting max cancels that
expiration, and the password will not expire until max days have passed.
The expiration is not cancelled if the force-expire option and this
option are given on the same command line, or if the system has been
converted to a trusted system.
The min and max arguments are each represented in units of days. These
arguments will be rounded up to the nearest week on a standard HP-UX
system. If the system is then converted to a trusted system, the num‐
ber of days will be based on those weeks. If only one of the two argu‐
ments is supplied, and the other argument does not exist, then the num‐
ber of days is set to zero.
If patch PHCO_36523 or later is installed, then on systems using shadow
passwords the rounding of password aging arguments can be suppressed by
creating the marker file listed under FILES. If that file exists, passwd
does not round the min and max argument values to a multiple of a week.
The use of this file is specific to this release; in a future release
passwd will never round aging values on systems that are using shadow
passwords.
Password Aging
The following description applies to all repositories except nis, which
does not support password aging.
The system requires a minimum time to elapse before a password can be
changed. This prevents reuse of an old password within too brief a
period of time. System warnings are displayed as the expiration time
approaches.
A password is no longer usable after a time period known as the password
lifetime. After the lifetime passes, the account is locked until it is
re-enabled by a system administrator. Once unlocked, the user is forced
to change the password before using the account.
The min and max arguments are each represented in units of days. These
arguments are rounded up to the nearest week on a standard system. If only
one of the two arguments is supplied and the other argument does not
exist, then the number of days is set to zero.
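The rounding rule above, the "other argument is zero" rule, the min/max/warn
windows and the cancellation of a forced expiration by a later min or max
setting (stated under Privileged User Options) are easier to check as code.
The following Python model is an added example, not HP-UX code. The names
force, min_days, max_days, warn_days and trusted are assumed stand-ins for
the corresponding passwd options, and the page does not say how a forced
expiration is recorded internally, so it is modelled as a plain flag
(assumption). The scenario in apply_options reproduces the second example
under EXAMPLES (new password required at next login, expiring in 70 days,
no change allowed for 7 days).

```python
"""Model of the passwd(1) aging arithmetic described on this page.

Added illustration, not HP-UX code.  force/min_days/max_days/warn_days/trusted
are assumed names for the force-expire, min, max, warn options and the
trusted-system state; force_expired is an assumed internal representation.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

WEEK = 7


def round_up_to_week(days: int) -> int:
    """A standard HP-UX system rounds aging values up to a whole number of weeks."""
    return -(-days // WEEK) * WEEK


def normalize_aging(min_days: Optional[int] = None, max_days: Optional[int] = None,
                    existing: Tuple[int, int] = (0, 0),
                    suppress_rounding: bool = False) -> Optional[Tuple[int, int]]:
    """Apply the argument rules from the page.

    - An argument that is not supplied keeps its existing value, or is taken
      as zero if no value exists.
    - Both values are rounded up to the nearest week unless rounding is
      suppressed (the shadow-password marker file described for PHCO_36523).
    Returns None when neither argument was supplied.
    """
    if min_days is None and max_days is None:
        return None
    n = existing[0] if min_days is None else min_days
    x = existing[1] if max_days is None else max_days
    if not suppress_rounding:
        n, x = round_up_to_week(n), round_up_to_week(x)
    return n, x


@dataclass
class Aging:
    last_change: int            # day number on which the password was last changed
    min_days: int = 0           # days that must elapse before the user may change it
    max_days: int = 0           # days until the password expires (0: never)
    warn_days: int = 0          # days before expiry at which warnings start
    force_expired: bool = False  # password expired immediately by the force option


def apply_options(a: Aging, force: bool = False, min_days: Optional[int] = None,
                  max_days: Optional[int] = None, trusted: bool = False,
                  suppress_rounding: bool = False) -> Aging:
    """One privileged passwd invocation.

    A later min or max setting cancels an earlier forced expiration, unless
    force is given on the same command line or the system is trusted.
    """
    normalized = normalize_aging(min_days, max_days,
                                 existing=(a.min_days, a.max_days),
                                 suppress_rounding=suppress_rounding)
    if normalized is not None:
        a.min_days, a.max_days = normalized
        if not force and not trusted:
            a.force_expired = False
    if force:
        a.force_expired = True
    return a


def may_change(a: Aging, today: int) -> bool:
    """Ordinary users must wait min_days after the last change (superusers are exempt)."""
    return today - a.last_change >= a.min_days


def status(a: Aging, today: int) -> str:
    """'ok', 'warn' (expiry approaching) or 'expired'."""
    if a.force_expired:
        return "expired"
    if a.max_days == 0:
        return "ok"
    age = today - a.last_change
    if age >= a.max_days:
        return "expired"
    if age >= a.max_days - a.warn_days:
        return "warn"
    return "ok"


if __name__ == "__main__":
    acct = Aging(last_change=100)
    apply_options(acct, force=True, min_days=7, max_days=70)
    print(status(acct, 100), may_change(acct, 103), may_change(acct, 107))
```

Note that normalize_aging(10, 70) yields (14, 70): a min of 10 days
silently becomes 14 on a standard system, which is the surprise the
PHCO_36523 marker file exists to remove.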
Default values for the min and max options may be set in the security
defaults configuration file; see security(4) for the attributes that
select password aging defaults.
Password Construction Requirements
Passwords must be constructed to meet the following requirements:
· On a standard system, only the first eight characters of a password
are significant (the traditional crypt(3C) algorithm ignores anything
beyond the eighth character, so longer passwords add no strength there).
· The default minimum password length is six characters for non-root
users on a standard system and for all users on a trusted system.
See security(4) for the attribute that changes this restriction.
· Characters must be from the 7-bit US-ASCII character set; letters
from the English alphabet.
· A password must contain at least two letters and at least one
numeric or special character.
· A password must differ from the user's login name and any reverse
or circular shift of that login name. For comparison purposes, an
uppercase letter and its corresponding lowercase equivalent are
treated as identical.
· A new password must differ from the old one by at least three
characters (one character for non super user if changed by the
super user in a trusted system).
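The rules above can be applied mechanically. The following Python checker is an
added example, not HP-UX code, and it encodes the standard-system defaults
(eight significant characters, six-character minimum). Where the page leaves
the comparison open, the interpretation is an assumption and is stated in the
comments: "differ by at least three characters" is treated as a position-wise
comparison over the significant prefix, and circular shifts of the reversed
login name are treated as forbidden along with shifts of the login name itself.

```python
"""Checker for the password construction requirements listed on this page.

Added illustration, not HP-UX code.  Interpretations marked "assumption"
below are not stated on the page.
"""
import string
from typing import List, Optional

SIGNIFICANT = 8   # standard system: only the first eight characters count
MIN_LENGTH = 6    # default minimum for non-root users on a standard system


def _circular_shifts(s: str) -> set:
    """All rotations of s (includes s itself)."""
    return {s[i:] + s[:i] for i in range(len(s))}


def _differing_positions(a: str, b: str) -> int:
    """Number of positions at which a and b differ; a missing character counts
    as a difference.  Assumption: "differ by at least three characters" is a
    position-wise comparison."""
    n = max(len(a), len(b))
    return sum(x != y for x, y in zip(a.ljust(n, "\0"), b.ljust(n, "\0")))


def check_password(new: str, login: str, old: Optional[str] = None,
                   min_length: int = MIN_LENGTH) -> List[str]:
    """Return the rule violations for a proposed password (empty list: acceptable).

    Character-class checks and the old-password comparison are applied to the
    significant prefix, since only the first eight characters matter on a
    standard system.
    """
    problems = []
    if len(new) < min_length:
        problems.append("too_short")
    if any(ord(c) > 0x7F for c in new):
        problems.append("non_ascii")            # 7-bit US-ASCII only
    sig = new[:SIGNIFICANT]
    letters = sum(c in string.ascii_letters for c in sig)
    others = len(sig) - letters                 # digits or special characters
    if letters < 2:
        problems.append("too_few_letters")
    if others < 1:
        problems.append("no_digit_or_special")
    # Login-name rule is case-insensitive.  Forbidden: the login name, its
    # reverse, and any circular shift of either (shifts of the reverse are an
    # assumption; the reverse itself is one of them).
    lname = login.lower()
    forbidden = _circular_shifts(lname) | _circular_shifts(lname[::-1])
    if new.lower() in forbidden:
        problems.append("matches_login")
    if old is not None and _differing_positions(sig, old[:SIGNIFICANT]) < 3:
        problems.append("too_similar_to_old")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for cand, user, prev in [("s3cr3t!", "alice", None),
                             ("licea", "alice", None),
                             ("abcdefg1xyz", "bob", "abcdefg1")]:
        print(cand, check_password(cand, user, prev))
```

The third sample shows the eight-character limit in practice: "abcdefg1xyz"
is rejected as identical to the old password "abcdefg1" because the suffix
beyond the eighth character is never compared.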
Repository Configuration
The repository configuration file (listed under FILES) specifies the
repositories in which the password must be modified. The following
configurations are supported:
· passwd: files
· passwd: files nis
· passwd: compat (--> files nis)
Authorizations
When the Role-Based Access Control Extensions product (RBACExt) is
installed, users with specific authorizations can be granted access to
some of the options that normally require privileged user access when
the files or NIS repositories are used.
Refer to rbac(5) for more information on the Role-Based Access Control
product. The following is a list of the required authorizations for
running passwd with particular options:
Allows a user to modify the password of any non-root user.
Allows a user to use the delete-password option to delete the password
of any non-root user.
Allows a user to use the attribute-display option to display the
password attributes of any user.
Allows a user to use the force-expire option to expire the password of
any non-root user.
Allows a user to use the gecos option to modify the gecos information
of any non-root user.
Allows a user to use the home-directory option to change the home
directory of any non-root user.
Allows a user to use the lock option to lock the account of any
non-root user.
Allows a user to use the max option to specify the expiration time of
a password of any non-root user.
Allows a user to use the min option to specify, for non-root users,
the minimum number of days that must transpire before a password can
be changed.
Allows a user to use the shell option to change the default shell of
any non-root user.
Allows a user to use the warn option to specify, for non-root users,
the number of days prior to a password's expiration that the user will
be notified.
Smart Card Login
If the user account is configured to use a Smart Card, the user pass‐
word is stored in the card. This password has characteristics identi‐
cal to a normal password stored on the system.
The Smart Card must be inserted into the Smart Card reader. The user
is prompted for a PIN instead of a password during authentication.
The password is retrieved automatically from the Smart Card when a
valid PIN is entered. Therefore, it is not necessary to know the pass‐
word, only the PIN.
If the system retrieves a valid old password from the card, a new
password is requested (twice). If the new password meets all
requirements, the system automatically overwrites the old password
stored on the card with the new password. The dialog therefore asks
for the PIN where a normal password change would ask for the old
password.
A Smart Card account can be shared among users. If one user modifies
the password, the other users must write the new password onto their
own cards (see scsync(1) under SEE ALSO).
The Smart Card PIN is changed with a separate command (see scpin(1)
under SEE ALSO), not with passwd.
SECURITY FEATURES
This section applies only to trusted systems. It describes additional
capabilities and restrictions.
When passwd is invoked on a trusted system, the existing password is
requested (if one is present). This initiates the password solicitation
dialog, which depends upon the type of password generation (format
policy) that has been enabled on the account running the command. There
are four possible options for password generation:
Random syllables A pronounceable password made up of
meaningless syllables.
Random characters An unpronounceable password made up of
random characters from the character
set.
Random letters An unpronounceable password made up of
random letters from the alphabet.
User-supplied A user-supplied password, subject to
length and triviality restrictions.
Passwords can be longer than eight characters, but it is recommended
that they be shorter than 40 characters. System warnings are displayed
if a password is either too long or too short. The system administrator
can specify a maximum password length guideline for the system-generated
options (random syllables, random characters, and random letters). The
actual maximum password length depends upon several parameters in the
authentication database and in the password encryption algorithm.
The system requires a minimum time to elapse before a password can be
changed. This prevents reuse of an old password within an undesirable
period of time.
A password expires after a period of time known as the expiration time.
System warnings are displayed as the expiration time approaches.
A password dies after a time period known as the lifetime. After the
lifetime passes, the account is locked until it is re-enabled by a
system administrator. Once unlocked, the user is forced to change the
password before account use.
The system administrator can enable accounts without passwords. If a
user account is allowed to function without a password, the user can
choose a null password by typing a carriage-return when prompted for a
new password.
The system administrator can enable the password history feature to
discourage users from reusing previously used passwords. Refer to the
security(4) manual page for detailed information on the configurable
attributes that affect the behavior of this command, including the
attribute that enables password history.
EXTERNAL INFLUENCES
International Code Set Support
Characters from single-byte character code sets are supported in pass‐
words.
EXAMPLES
Change the password expiration of a user to 42 days in a given
repository.
Force a user to establish a new password on the next login, with the
new password expiring in 70 days and the user prohibited from changing
it until 7 days have transpired.
DEPENDENCIES
Pluggable Authentication Modules (PAM)
PAM is an Open Group standard for user authentication, password
modification, and account validation. In particular, PAM (see
pam_chauthtok(3)) is invoked to perform all of the password-related
functions of passwd. This includes establishing and changing a
password, using options, and displaying error messages.
WARNINGS
Avoid password characters which have special meaning to the tty driver,
such as # (erase) and @ (kill). You may not be able to log in with a
password containing these characters.
Multiple superusers are allowed, but are strongly discouraged. That is
because the system often stores user ID rather than user name. Having
unique IDs for all users will guarantee a consistent mapping between
user name and user ID.
HP-UX 11i Version 3 is the last release to support trusted systems
functionality.
FILES
Standard password file used by HP-UX.
Shadow password file.
Protected password database used when system is converted to trusted
system.
Repository configuration file.
Security defaults configuration file.
Marker file: if patch PHCO_36523 or later is installed, its presence
suppresses rounding of password aging values on systems using shadow
passwords.
SEE ALSO
chfn(1), id(1), login(1), su(1), logins(1M), pwconv(1M), auth.adm(1M),
getuid(2), crypt(3C), passwd(4), security(4), shadow(4), auth(5),
auth.dce(5), rbac(5).
Pluggable Authentication Modules (PAM)
pam(3), pam_chauthtok(3), pam.conf(4), pam_user.conf(4).
HP-UX Smart Card Login
scpin(1), scsync(1).
STANDARDS CONFORMANCE
SVID2, SVID3, XPG2