PASSWD(1) INTERACTIVE UNIX System PASSWD(1)
NAME
passwd - change login password and password attributes
SYNOPSIS
passwd [name]
passwd -s [name]
passwd -l [-f] [-x max] [-n min] name
passwd -d [-f] [-x max] [-n min] name
passwd -s [-a]
DESCRIPTION
The passwd command changes the password or lists password
attributes associated with the user's login name. Addition-
ally, super-users may use passwd to install or change pass-
words and attributes associated with any login name.
(Options relating to password attributes are only available
on systems using the /etc/shadow security feature.)
When used to change a password, passwd prompts ordinary
users for their old password, if any. It then prompts for
the new password twice. When the old password is entered,
passwd checks to see if it has "aged" sufficiently. If
"aging" is insufficient, passwd terminates; see passwd(4).
If the user's password aging has not been turned on, then
password aging is turned on for the user using the MAXWEEK
and MINWEEK parameters in /etc/default/passwd. If password
aging is turned on, the password aging information in
/etc/shadow remains unmodified.
Assuming aging is sufficient, a check is made to ensure that
the new password meets construction requirements. When the
new password is entered a second time, the two copies of the
new password are compared. If the two copies are not ident-
ical the cycle of prompting for the new password is repeated
for at most two more times.
Passwords must be constructed to meet the following require-
ments:
Each password must have at least PASSLENGTH characters
as set in /etc/default/passwd. PASSLENGTH must contain
a minimum of three characters, but only the first eight
characters are significant.
Each password must contain at least two alphabetic
characters and at least one numeric or special charac-
ter. In this case, "alphabetic" refers to all upper-
case or lowercase letters.
Each password must differ from the user's login name
Rev. Base System Page 1
PASSWD(1) INTERACTIVE UNIX System PASSWD(1)
and any reverse or circular shift of that login name.
For comparison purposes, an uppercase letter and its
corresponding lowercase letter are equivalent.
New passwords must differ from the old by at least
three characters. For comparison purposes, an upper-
case letter and its corresponding lowercase letter are
equivalent.
Super-users [e.g., real and effective uid equal to zero, see
id(1M) and su(1M)] may change any password; hence, passwd
does not prompt super-users for the old password. Super-
users are not forced to comply with password aging and pass-
word construction requirements. A super-user can create a
null password by entering a carriage return in response to
the prompt for a new password. (This differs from passwd -d
because the "password" prompt will still be displayed.)
Any user may use the -s option to show password attributes
for the login name.
The format of the display will be
name status mm/dd/yy min max
or, if password aging information is not present,
name status
where:
name The login ID of the user.
status The password status of name: PS stands for
passworded or locked, LK stands for locked, and
NP stands for no password.
mm/dd/yy The date password was last changed for name.
min The minimum number of days required between
password changes for name.
max The maximum number of days the password is valid
for name.
Only a super-user can use the following options:
-l Locks password entry for name.
-d Deletes password for name. The login name will
not be prompted for password.
-n Set minimum field for name. The min field con-
tains the minimum number of days between password
Rev. Base System Page 2
PASSWD(1) INTERACTIVE UNIX System PASSWD(1)
changes for name. Always use this option with the
-x option (except when -x man is set to -1) to
insure that aging is turned on.
-x Set maximum field for name. The max field con-
tains the number of days that the password is
valid for name. The aging for name will be turned
off immediately if max is set to -1. (Do not use
with the -n option.) If it is set to 0, then the
user is forced to change the password and aging is
turned off at the next day's login session.
-a Show password attributes for all entries. Use
only with -s option; name must not be provided.
-f Force the user to change password at the next
login by expiring the password for name.
FILES
/etc/passwd
/etc/shadow
/etc/opasswd
/etc/oshadow
/etc/default/passwd
SEE ALSO
login(1), id(1M), passmgmt(1M), pwconv(1M), su(1M).
crypt(3C), passwd(4) in the INTERACTIVE SDS Guide and
Programmer's Reference Manual.
DIAGNOSTICS
The passwd command exits with one of the following values:
0 SUCCESS.
1 Permission denied.
2 Invalid combination of options.
3 Unexpected failure. Password file unchanged.
4 Unexpected failure. Password file(s) missing.
5 Password file(s) busy. Try again later.
6 Invalid argument to option.
WARNING
If root deletes a password for a user with the passwd -d
command, and password aging is in effect for that user, the
user will not be allowed to add a new password until the
NULL password has been aged. This is true even if the
PASSREQ flag in /etc/login/default is set to YES. This
Rev. Base System Page 3
PASSWD(1) INTERACTIVE UNIX System PASSWD(1)
results in a user without a password. It is recommended
that the -f option be used whenever the -d (delete) option
is used. This will force a user to change the password at
next login.
Rev. Base System Page 4