Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PASSWD(1)			User utilities			     PASSWD(1)

NAME
       passwd -	update a user's	authentication tokens(s)

SYNOPSIS
       passwd [-k] [-l]	[-u [-f]] [-d] [-n mindays] [-x	maxdays] [-w warndays]
       [-i inactivedays] [-S] [username]

DESCRIPTION
       Passwd is used to update	a user's authentication	token(s).

       Passwd is configured to work through the	Linux-PAM  API.	  Essentially,
       it initializes itself as	a "passwd" service with	Linux-PAM and utilizes
       configured password modules to authenticate and then  update  a	user's
       password.

       A  simple  entry	 in  the Linux-PAM configuration file for this service
       would be:

	#
	# passwd service entry that does strength checking of
	# a proposed password before updating it.
	#
	passwd password	requisite \
		    /usr/lib/security/pam_cracklib.so retry=3
	passwd password	required \
		    /usr/lib/security/pam_unix.so use_authtok
	#

       Note, other module-types	are not	required for this application to func-
       tion correctly.

OPTIONS
       -k     The  option, -k, is used to indicate that	the update should only
	      be for  expired  authentication  tokens  (passwords);  the  user
	      wishes to	keep their non-expired tokens as before.

       -l     This  option  is	used  to  lock the specified account and it is
	      available	to root	only. The locking is  performed	 by  rendering
	      the  encrypted password into an invalid string (by prefixing the
	      encrypted	string with an !).

       --stdin
	      This option is used to indicate that passwd should read the  new
	      password from standard input, which can be a pipe.

       -u     This  is	the  reverse  of  the  -l  option - it will unlock the
	      account password by removing the ! prefix. This option is	avail-
	      able  to	root  only.  By	default	passwd will refuse to create a
	      passwordless account (it will not	unlock	an  account  that  has
	      only  "!"	as a password).	The force option -f will override this
	      protection.

       -d     This is a	quick way to disable a password	 for  an  account.  It
	      will set the named account passwordless. Available to root only.

       -n     This  will  set  the  minimum password lifetime, in days,	if the
	      user's account supports password lifetimes.  Available  to  root
	      only.

       -x     This  will  set  the  maximum password lifetime, in days,	if the
	      user's account supports password lifetimes.  Available  to  root
	      only.

       -w     This  will set the number	of days	in advance the user will begin
	      receiving	warnings that her password will	expire,	if the	user's
	      account supports password	lifetimes.  Available to root only.

       -i     This  will  set  the  number  of	days which will	pass before an
	      expired password for this	account	will be	taken to mean that the
	      account  is  inactive  and  should  be  disabled,	 if the	user's
	      account supports password	lifetimes.  Available to root only.

       -S     This will	output a short information about  the  status  of  the
	      password for a given account. Available to root user only.

Remember the following two principles
       Protect your password.
	      Don't  write  down  your password	- memorize it.	In particular,
	      don't write it down and leave it anywhere, and don't place it in
	      an  unencrypted  file!  Use unrelated passwords for systems con-
	      trolled by different organizations.  Don't give  or  share  your
	      password,	 in particular to someone claiming to be from computer
	      support or a vendor.  Don't let  anyone  watch  you  enter  your
	      password.	  Don't	 enter	your  password to a computer you don't
	      trust or if things Use the  password  for	 a  limited  time  and
	      change it	periodically.

       Choose a	hard-to-guess password.
	      passwd  will try to prevent you from choosing a really bad pass-
	      word, but	it  isn't  foolproof;  create  your  password  wisely.
	      Don't  use something you'd find in a dictionary (in any language
	      or jargon).  Don't use a name (including that of a spouse,  par-
	      ent, child, pet, fantasy character, famous person, and location)
	      or any variation of your personal	or account  name.   Don't  use
	      accessible  information  about  you  (such as your phone number,
	      license plate, or	social security	number)	or  your  environment.
	      Don't  use  a  birthday  or a simple pattern (such as backwards,
	      followed by a digit, or preceded by a digit. Instead, use	a mix-
	      ture of upper and	lower case letters, as well as digits or punc-
	      tuation.	When choosing a	new password, make sure	it's unrelated
	      to  any  previous	password. Use long passwords (say 8 characters
	      long).  You might	use a word pair	with punctuation  inserted,  a
	      passphrase  (an  understandable sequence of words), or the first
	      letter of	each word in a passphrase.

       These principles	are partially enforced by the system, but only	partly
       so.  Vigilence on your part will	make the system	much more secure.

EXIT CODE
       On  successful  completion  of its task,	passwd will complete with exit
       code 0.	An exit	code of	1 indicates an error occurred.	Textual	errors
       are written to the standard error stream.

CONFORMING TO
       Linux-PAM (Pluggable Authentication modules for Linux).
       Note,  if your distribution of Linux-PAM	conforms to the	Linux Filesys-
       tem Standard, you may find the modules  in  /lib/security/  instead  of
       /usr/lib/security/, as indicated	in the example.

FILES
       /etc/pam.d/passwd - the Linux-PAM configuration file

BUGS
       None known.

SEE ALSO
       pam(8), and pam_chauthok(2).

       For more	complete information on	how to configure this application with
       Linux-PAM, see the Linux-PAM System Administrators' Guide at
       _http://parc.power.net/morgan/Linux-PAM/index.html_

AUTHOR
       Cristian	Gafton <gafton@redhat.com>

Red Hat	Linux			  Jan 03 1998			     PASSWD(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | Remember the following two principles | EXIT CODE | CONFORMING TO | FILES | BUGS | SEE ALSO | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=passwd&sektion=1&manpath=Red+Hat+9>

home | help