Manual: (OSF1-V5.1-alpha)



passwd(1)							    passwd(1)



NAME

  passwd, chfn,	chsh - Changes password	file information

SYNOPSIS

  passwd [-f  |	-s] [username]

  passwd  -q  [username]

  passwd  -q  -a

  chfn [username]

  chsh [username]

  This security-sensitive command uses the SIA (Security Integration Archi-
  tecture) routine as an interface to the security mechanisms. See the
  matrix.conf(4) reference page	for more information.

OPTIONS

  -a  Report the password attributes of	all users. This	option may only	be
      used with	the -q option and you must be root.

  -f  Invokes the chfn command when given with the passwd command.

  -q [username]
      Report the  password attributes of the specified user. If	the -a option
      is given,	all users are listed. Users other than root may	only use the
      -q option	on themselves. If a username is	not specified, then the
      current username is used.

  -s  Invokes the chsh command when given with the passwd command.

DESCRIPTION

  The passwd command changes (or installs) the password	associated with	your
  username (by default)	or the specified username.

  The chfn command changes the finger information in the GECOS field associ-
  ated with your username or the specified username. GECOS is an obsolete
  term,	but refers to the finger information field of the passwd structure as
  defined in the <pwd.h> file and the finger information field of the
  /etc/passwd file as described	in the passwd(4) reference page.  The infor-
  mation in the	GECOS field has	been formalized	by POSIX and is	a comma
  separated list containing the	user's full name, office phone,	office
  number, and home phone number.

  The chsh command changes the login shell of your username or of the speci-
  fied username.


  When using the passwd	command	to alter a password, the command prompts for
  the current password and then	for the	new one.  The caller must supply
  both.	 The new password must be typed	twice to forestall mistakes.

  Each password	must have at least six characters and can include digits,
  symbols, and the letters of your alphabet. It	is strongly suggested that
  you include unusual punctuation, control characters, or digits in your
  password.  Use of only lowercase letters is discouraged. If you enter	more
  than eight characters	when creating a	password, the passwd command ignores
  any characters after the eighth.

  When the -q option is	used, the output of the	passwd command	under base
  security is as follows:

       name  status

  The status is	"PS" if	the user has a password, "LK" if the user has an
  administrative lock, or "NP" if the user has no password.

  Under	enhanced security the passwd -q	command	gathers	information from the
  enhanced security password and system	defaults databases and presents	the
  data as follows:

       name status date	min_change max_change

  The status field is "PS" if the user has a password, "LK" if the user	has
  an administrative lock, or "NP" if the user has no password. The date	is
  the day of the last successful password change in mm/dd/yy format. The
  min_change field is the period in days, measured from	 the date of last
  password change, which must pass before a user can change his	user account
  password. A value of	0 means	the password may be changed at any time. The
  max_change field is the period in days, measured from	the date of last
  password change, for which the password is valid. Adding this	value to the
  date of last password	change gives the date at which the password expires
  and a	change will be required.  A value of 0 means that the password will
  never	expire.
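
  The five-field listing described above can be checked mechanically. The
  following is an added example, not part of this reference page: it parses
  captured passwd -q -a output and reports accounts with no password, with a
  password that never expires, or with an expired password. The function
  names, the whitespace-separated layout and the sample lines are assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample of `passwd -q -a` output under enhanced security:
# name status date min_change max_change
SAMPLE = """\
root PS 01/15/01 0 0
kim PS 03/02/01 7 90
guest NP 11/20/00 0 0
olduser LK 06/30/00 7 90
"""

def parse_line(line):
    """Parse one line; base security prints only name and status."""
    f = line.split()  # assumption: fields are separated by whitespace
    if len(f) not in (2, 5) or f[1] not in ("PS", "LK", "NP"):
        raise ValueError("unrecognized passwd -q line: %r" % line)
    rec = {"name": f[0], "status": f[1], "changed": None,
           "min": None, "max": None, "expires": None}
    if len(f) == 5:
        # mm/dd/yy; Python maps yy 69-99 to 19xx and 00-68 to 20xx.
        rec["changed"] = datetime.strptime(f[2], "%m/%d/%y").date()
        rec["min"], rec["max"] = int(f[3]), int(f[4])
        if rec["max"] > 0:  # a max_change of 0 means the password never expires
            rec["expires"] = rec["changed"] + timedelta(days=rec["max"])
    return rec

def audit(text, today):
    """Return (name, finding) pairs for accounts that need attention."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        if r["status"] == "NP":
            findings.append((r["name"], "no password"))
        if r["status"] == "PS" and r["max"] == 0:
            findings.append((r["name"], "password never expires"))
        if r["status"] == "PS" and r["expires"] and r["expires"] < today:
            findings.append((r["name"], "password expired %s" % r["expires"]))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, date(2001, 6, 15)):
        print("%-10s %s" % (name, finding))
```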

  When altering	the GECOS information field, the chfn command displays the
  current information, broken into fields, as interpreted by the finger	pro-
  gram,	among others, and prompts for new values. These	fields include a
  user's proper	name, office room number, office phone number, and home	phone
  number.  Included in each prompt is a	default	value, which is	enclosed in [
  ] (brackets).  The default value is accepted simply by pressing <Return>.
  To enter a blank field, the word none	can be entered.

  The chfn command allows phone	numbers	to be entered with or without dashes.
  It is	a good idea to run finger after	changing the GECOS information to
  make sure everything is set up properly.

  A superuser can change anyone's GECOS information; other users can only
  change their own. Superusers can also run the account management
  interfaces, dxaccounts and usermod, to modify passwords.

  When altering	a login	shell, the chsh	command	displays the current login
  shell	and then prompts for the new one.  The new login shell must be one of
  the approved shells listed in	the /etc/shells	file unless you	have
  superuser privileges.	If the /etc/shells file	does not exist,	the only
  shells that can be specified are /usr/bin/sh and /usr/bin/csh.

  Note that if you specify an abbreviated shell	name, the command chooses the
  first	entry in the /etc/shells file that matches the shell abbreviation.
  For example, if you specify ksh, and both the	/bin/ksh and /usr/bin/ksh
  shells are included in the /etc/shells file, the shell is changed to the
  shell	that is	specified first.
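
  Because the first matching entry wins, the order of /etc/shells decides
  which binary an abbreviated name selects. The following is an added
  example, not part of this reference page: it models the lookup for a user
  without superuser privileges and lists abbreviations that have more than
  one candidate. Matching an abbreviation by the final path component, the
  treatment of "#" lines, and all names are assumptions.

```python
import os

DEFAULT_SHELLS = ["/usr/bin/sh", "/usr/bin/csh"]  # allowed when /etc/shells is absent

# Constructed sample /etc/shells content.
SAMPLE = "/bin/sh\n/bin/csh\n/bin/ksh\n/usr/bin/sh\n/usr/bin/csh\n/usr/bin/ksh\n"

def approved_shells(shells_text):
    """Return the entries in file order, skipping blank lines."""
    entries = []
    for line in shells_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # assumption: '#' starts a comment
            entries.append(line)
    return entries

def resolve(requested, shells_text):
    """Return the shell that would be set, or None if the request is refused.

    shells_text is None when /etc/shells does not exist.
    """
    if shells_text is None:
        return requested if requested in DEFAULT_SHELLS else None
    shells = approved_shells(shells_text)
    if requested in shells:
        return requested
    for path in shells:
        # Assumption: an abbreviation matches the last path component.
        if os.path.basename(path) == requested:
            return path  # first entry in file order wins
    return None

def ambiguous(shells_text):
    """Map each abbreviation with several candidates to (winner, shadowed)."""
    seen = {}
    for path in approved_shells(shells_text):
        seen.setdefault(os.path.basename(path), []).append(path)
    return {n: (p[0], p[1:]) for n, p in seen.items() if len(p) > 1}

if __name__ == "__main__":
    print(resolve("ksh", SAMPLE))
    for name, (winner, shadowed) in sorted(ambiguous(SAMPLE).items()):
        print("%s -> %s (shadows %s)" % (name, winner, ", ".join(shadowed)))
```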


  A superuser can change anyone's login	shell; normal users can	only change
  their	own login shell.




				 Security Note

       When you	use the	passwd command,	with enhanced security installed, the
       system prompts for the existing password, and begins a password soli-
       citation	dialog that depends on the options for password	generation
       the administrator has enabled for your account.	There are four possi-
       ble options:

       Random syllables
	   A pronounceable password made up of meaningless syllables.

       Random characters
	   An unpronounceable password made up of random characters from the
	   character set.

       Random letters
	   An unpronounceable password made up of random letters from the
	   alphabet.

       User supplied
	   A user specified password, which is subject to length and trivial-
	   ity restrictions.

       A maximum length	is specified for all user passwords.  The minimum
       password	length depends on several parameters set in the	authentica-
       tion databases.

       The system requires a minimum time to elapse before you can change
       your password.  This stops you from reusing an old password too soon.

       A password expires after	a period of time known as the expiration
       time. The system	warns you when the expiration time is drawing near.

       A password dies after a period of time known as the password lifetime.
       After the lifetime passes, your account is locked until the adminis-
       trator reenables	it.  After unlocking, you must change your password
       again before you	can use	your account.

       When you	successfully type your old password, the system	prints the
       last successful and unsuccessful	password change	times.	Make sure
       that these times	are accurate; use them to detect attempted password
       changes by an unauthorized user.

       You can change your own password	if the administrator has enabled any
       of the password generation options for your account.

       Using the passwd	command	to reset a user's password does	not unlock
       the user's account if the account is locked for a reason	other than an
       expired password.

       If a password longer than 8 characters was entered under	base security
       and then	enhanced security is installed,	you must use only the first 8
       characters of the original password.  This is because base security
       only used the first 8 characters	of the password	and the
       enhanced/extended password is created from the base password.
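
       The eight-character limit stated in the DESCRIPTION and in the
       paragraph above means that any review of a password has to look at
       the first eight characters only. The following is an added example,
       not part of this reference page: it applies the page's stated rules
       to the significant part and groups passwords that the base security
       behaviour described here cannot tell apart. All names and sample
       passwords are constructed.

```python
SIGNIFICANT = 8  # characters after the eighth are ignored
MINIMUM = 6      # each password must have at least six characters

def effective(password):
    """Return the part of the password that is actually used."""
    return password[:SIGNIFICANT]

def review(password):
    """Apply the stated rules to the significant part only."""
    notes = []
    core = effective(password)
    if len(password) < MINIMUM:
        notes.append("shorter than six characters")
    if len(password) > SIGNIFICANT:
        notes.append("%d trailing characters ignored"
                     % (len(password) - SIGNIFICANT))
    if core.isalpha() and core.islower():
        # Digits or punctuation beyond the eighth character do not help.
        notes.append("significant part is lowercase letters only")
    return notes

def collisions(passwords):
    """Group passwords that share the same first eight characters."""
    groups = {}
    for pw in passwords:
        groups.setdefault(effective(pw), []).append(pw)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for pw in ("password2024!", "Tr0ub4dor&3", "abc"):
        print(pw, "->", effective(pw), review(pw))
    # A rotation scheme that only changes the suffix changes nothing.
    print(collisions(["Corporate#1", "Corporate#2", "Tr0ub4dor&3"]))
```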

       See the Security	manual for detailed instructions on changing your
       password.









EXAMPLES

   1.  To change your password,	enter:
	    passwd

       You are prompted	for your old password (if it exists).  You are then
       prompted	twice for the new password.

   2.  To change the office number and building	values in your GECOS informa-
       tion, enter:
	    chfn

       Your current GECOS values are displayed.	 Follow	the instructions and
       change your office number.  For example,	enter:
	    Name [Huan Kim]:
	    Room Number	[3A-41]: 4A-43
	    Office Phone [3-1234]:
	    Home Phone [555-1234]:



FILES

  /etc/passwd
      Contains user information.

  /etc/shells
      The list of approved shells.

  /tcb/files/auth.db
      Enhanced security	password database for system accounts.

  /var/tcb/files/auth.db
      Enhanced security	password database for user accounts.

  /etc/auth/system/default
      Enhanced security's system defaults database.

SEE ALSO

  Commands:  finger(1),	login(1), vipw(8), dxaccounts(8), usermod(8)

  Files:  matrix.conf(4), prpasswd(4), passwd(4)

  Security