Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PASSWD(1)                  OpenBSD Reference Manual                  PASSWD(1)

     passwd - modify a user's password

     passwd [-l] [-y] [-k] [-K] [-n name] [-i instance] [-r realm] [-u
            username[.instance][@realm]] [user]

     passwd changes the user's local, KerberosIV, KerberosV, or YP password.
     First, the user is prompted for their current password.  If the current
     password is correctly typed, a new password is requested.  The new pass-
     word must be entered twice to avoid typing errors.

     The new password should be at least six characters long and not purely
     alphabetic.  Its total length must be less than _PASSWORD_LEN (currently
     128 characters).  A mixture of both lower and uppercase letters, numbers,
     and meta-characters is encouraged.

     The quality of the password can be enforced by specifying an external
     checking program via the ``passwordcheck'' variable in login.conf(5).

     The options are as follows:

     -l      Causes the password to be updated only in the local password
             file.  When changing only the local password, pwd_mkdb(8) is used
             to update the password databases.

     -y      Forces the YP password database entry to be changed, even if the
             user has an entry in the local database.  The rpc.yppasswdd(8)
             daemon should be running on the YP master server.

     -k      Forces the change to affect the KerberosIV database, even if the
             user has a password in the local database.  Once the password has
             been verified, passwd communicates the new password information
             to the KerberosIV authenticating host.

     The following flags are only used when the -k flag is specified:

     -n name
           Specifies a name that will be used as the principal name rather
           than the username of the user running passwd. (This is determined
           from the ticket file if it exists; otherwise, it is determined from
           the Unix user ID.)

     -i instance
           Specifies an instance to use rather than a null instance.

     -r realm
           Specifies a realm instead of the local realm.

     -u username[.instance][@realm]
           Specifies a fully qualified KerberosIV principal.

     -K principal@REALM
           Changes a users KerberosV password.

     This is the behavior if no flags are specified: if KerberosIV is active
     then passwd will talk to the KerberosIV server (even if the user has an
     entry in the local database).  If the password is not in the local pass-
     word database, then an attempt is made to use the YP database.

     To change another user's KerberosIV password, one must first run kinit(1)
     followed by passwd(1). The superuser is not required to provide a user's
     current password if only the local password is modified.

     Which type of cipher is used to encrypt the password information depends
     on the configuration in login.conf(5). It can be different for local
     (``localcipher'') and YP (``ypcipher'') passwords.

     Attempting lock password file, please wait or press ^C to abort

     The password file is currently locked by another process; passwd will
     keep trying to lock the password file until it succeeds or you hit the
     interupt character (control-C by default).  If passwd is interrupted
     while trying to gain the lock the password changed will be lost.

     If the process holding the lock was prematurely terminated the lock file
     may be stale and passwd will wait forever trying to lock the password
     file.  To determine whether a live process is actually holding the lock,
     the admin may run the following:

           $ fstat /etc/ptmp

     If no process is listed, it is safe to remove the /etc/ptmp file to clear
     the error.

     /etc/login.conf     configuration options
     /etc/master.passwd  user database
     /etc/passwd         a Version 7 format password file
     /etc/passwd.XXXXXX  temporary copy of the password file
     /etc/ptmp           lock file for the passwd database

     chpass(1), kerberos(1), kinit(1), login(1), login.conf(5), passwd(5),
     pwd_mkdb(8), vipw(8)

     Robert Morris, and Ken Thompson, UNIX password security.

     A passwd command appeared in Version 3 AT&T UNIX.

OpenBSD 3.1                      July 24, 1991                               2


Want to link to this manual page? Use this URL:

home | help