passwd manpage

Search topic Section
Get manual page for the search topic
List all commands matching the search topic
List all topics in the manpage index

PASSWD(1)			User utilities			     PASSWD(1)

       passwd - update user's authentication tokens

       passwd [-k] [-l] [-u [-f]] [-d] [-n mindays] [-x maxdays] [-w warndays]
       [-i inactivedays] [-S] [--stdin] [username]

       The passwd utility is used to update user's authentication token(s).

       This task is achieved through calls to the Linux-PAM and	 Libuser  API.
       Essentially, it initializes itself as a "passwd" service with Linux-PAM
       and utilizes configured	password  modules  to  authenticate  and  then
       update a user's password.

       A simple entry in the global Linux-PAM configuration file for this ser-
       vice would be:

	# passwd service entry that does strength checking of
	# a proposed password before updating it.
	passwd password requisite pam_cracklib.so retry=3
	passwd password required pam_unix.so use_authtok

       Note, other module types are not required for this application to func-
       tion correctly.

       -k     The  option  -k, is used to indicate that the update should only
	      be for  expired  authentication  tokens  (passwords);  the  user
	      wishes to keep their non-expired tokens as before.

       -l     This  option  is	used  to  lock the specified account and it is
	      available to root only. The locking is  performed	 by  rendering
	      the  encrypted password into an invalid string (by prefixing the
	      encrypted string with an !).

	      This option is used to indicate that passwd should read the  new
	      password from standard input, which can be a pipe.

       -u     This  is	the  reverse  of  the  -l  option - it will unlock the
	      account password by removing the ! prefix. This option is avail-
	      able  to	root  only.  By default passwd will refuse to create a
	      passwordless account (it will not unlock	an  account  that  has
	      only  "!" as a password). The force option -f will override this

       -d     This is a quick way to delete a password for an account. It will
	      set the named account passwordless. Available to root only.

       -n     This  will  set  the  minimum password lifetime, in days, if the
	      user's account supports password lifetimes.  Available  to  root

       -x     This  will  set  the  maximum password lifetime, in days, if the
	      user's account supports password lifetimes.  Available  to  root

       -w     This  will set the number of days in advance the user will begin
	      receiving warnings that her password will expire, if the	user's
	      account supports password lifetimes.  Available to root only.

       -i     This  will  set  the  number  of	days which will pass before an
	      expired password for this account will be taken to mean that the
	      account  is  inactive  and  should  be  disabled,	 if the user's
	      account supports password lifetimes.  Available to root only.

       -S     This will output a short information about  the  status  of  the
	      password for a given account. Available to root user only.

Remember the following two principles
       Protect your password.
	      Don't  write  down  your password - memorize it.	In particular,
	      don't write it down and leave it anywhere, and don't place it in
	      an  unencrypted  file!  Use unrelated passwords for systems con-
	      trolled by different organizations.  Don't give  or  share  your
	      password,	 in particular to someone claiming to be from computer
	      support or a vendor.  Don't let  anyone  watch  you  enter  your
	      password.	  Don't	 enter	your  password to a computer you don't
	      trust or if things "look funny"; someone may be trying to hijack
	      your  password.	Use the password for a limited time and change
	      it periodically.

       Choose a hard-to-guess password.
	      passwd through the calls to the pam_cracklib PAM module will try
	      to prevent you from choosing a really bad password, but it isn't
	      foolproof; create your password  wisely.	 Don't	use  something
	      you'd  find  in a dictionary (in any language or jargon).	 Don't
	      use a name (including that of a spouse, parent, child, pet, fan-
	      tasy character, famous person, and location) or any variation of
	      your personal or account name.  Don't use accessible information
	      about  you  (such as your phone number, license plate, or social
	      security number) or your environment.  Don't use a birthday or a
	      simple  pattern  (such as "qwerty", "abc", or "aaa").  Don't use
	      any of those backwards, followed by a digit, or  preceded	 by  a
	      digit.  Instead,	use a mixture of upper and lower case letters,
	      as well as digits or punctuation.	 When choosing a new password,
	      make  sure  it's	unrelated  to  any previous password. Use long
	      passwords (say at least 8 characters long).   You	 might	use  a
	      word  pair  with	punctuation  inserted, a passphrase (an under-
	      standable sequence of words), or the first letter of  each  word
	      in a passphrase.

       These  principles are partially enforced by the system, but only partly
       so.  Vigilence on your part will make the system much more secure.

       On successful completion of its task, passwd will  complete  with  exit
       code 0.	An exit code of 1 indicates an error occurred.	Textual errors
       are written to the standard error stream.

       Linux-PAM (Pluggable Authentication modules for Linux).

       /etc/pam.d/passwd - the Linux-PAM configuration file

       None known.

       pam(8), pam.d(5), libuser.conf(5), and pam_chauthtok(3).

       For more complete information on how to configure this application with
       Linux-PAM, see the Linux-PAM System Administrators' Guide.

       Cristian Gafton <gafton@redhat.com>

GNU/Linux			  Sep 24 2009			     PASSWD(1)
YoLinux.com Home Page
YoLinux Tutorial Index
Privacy Policy | Advertise with us | Feedback Form |
Unauthorized copying or redistribution prohibited.
    Bookmark and Share