passwd
SYNOPSIS
passwd [-f|-g|-s|-k[-q]] [name]
passwd [-D binddn][-n min][-x max][-w warn][-i inact] user
passwd [-D binddn] {-l|-u|-d|-S[-a]|-e|-h} name
DESCRIPTION
passwd changes passwords for user and group accounts.
While an administrator may change the password for any
account or group, a normal user is only allowed to change
the password for their own account. passwd also changes
account information, such as the full name of the user,
their login shell, password expiry dates and intervals, or
disables an account.
Password Changes
If an old password is present, the user is first prompted
for it and the password is compared against the stored
one. This can change, depending on which PAM modules are
used. An administrator is permitted to bypass this step
so that forgotten passwords may be changed.
After the user is authenticated, password aging information
is checked to see if the user is permitted to change
their password at this time. Otherwise, passwd refuses to
change the password.
The user is then prompted for a replacement password.
Care must be taken not to include special control characters
or characters that are not available on all keyboards.
If the password is accepted, passwd will prompt again and
compare the second entry against the first. Both entries
are required to match in order for the password to be
changed.
OPTIONS
-f Change the finger (gecos) information. This is the
user's full name, office room number, office phone
number and home phone number. This information is
stored in the /etc/passwd file and typically
printed by finger(1) and similar programs.
-g With this option, the password for the named group
will be changed. The user must be a group administrator
for the named group or the super user.
-s This option is used to change the user login shell.
A normal user may only change the login shell for
their own account; the super user may change the
login shell for any account.
-x max With this option the maximum number of days during
which a password is valid is changed. When maxdays
plus lastday is less than the current day, the user
will be required to change his password before
being able to use the account.
-w warn
With this option the number of days of warning
before a password change is required can be
changed. This option is the number of days prior to
the password expiring that a user will be warned
the password is about to expire.
-i inact
This option is used to set the number of days of
inactivity after a password has expired before the
account is locked. A user whose account is locked
must contact the system administrator before being
able to use the account again. A value of 0 disables
this feature.
Account maintenance
-l A system administrator can lock the account of the
specified user.
-u A system administrator can unlock the specified
account.
-d The password of the given account can be deleted by
the system administrator.
-S Report password status on the named account. The
first part indicates if the user account is locked
(L), has no password (NP), or has a usable password
(P). The second part gives the date of the last
password change. The next parts are the minimum
age, maximum age, warning period, and inactivity
period for the password.
-a Report the password status for all accounts. Can
only be used in conjunction with -S.
-e The user will be forced to change the password at
next login.
-h Change the home directory of the named user (only
by a system administrator).
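The status report described under -S lends itself to a periodic audit. The following is an added example, not part of pwdutils: it assumes each status line begins with the account name, followed by the fields in the order listed under -S, and the function names and the 90-day limit are hypothetical. On a live system it would be fed with `passwd -S -a | audit_passwd_status 90`.

```shell
#!/bin/sh
# Added example, not part of pwdutils.
# Assumption: each status line has seven whitespace-separated fields:
#   name status last-change min max warn inact
# (account name first, then the fields in the order listed under -S).

# audit_passwd_status MAXDAYS: read status lines on stdin, print findings.
audit_passwd_status() {
    awk -v limit="${1:-90}" '
        NF == 0 { next }                       # skip blank lines
        # Lines without all seven fields are reported, not guessed at.
        NF != 7 { printf "%s: malformed status line\n", $1; next }
        {
            name = $1; status = $2; max = $5
            if (status == "NP") {
                # NP: the account has no password (for example after -d).
                printf "%s: no password set\n", name
                next
            }
            if (status == "L") next            # locked: nothing more to check
            if (status != "P") {
                printf "%s: unknown status %s\n", name, status
                next
            }
            # Usable password: compare maximum age (-x) with the policy limit.
            if (max !~ /^-?[0-9]+$/)
                printf "%s: non-numeric maximum age %s\n", name, max
            else if (max + 0 > limit + 0)
                printf "%s: maximum age %s exceeds %s days\n", name, max, limit
        }'
}

# Constructed sample input (not real output from any system).
sample_status() {
    cat <<'EOF'
alice P 01/15/2003 0 60 7 14
bob NP 01/15/2003 0 99999 7 0
carol L 12/01/2002 0 90 7 14
dave P 11/20/2002 0 99999 7 0
eve P
EOF
}

sample_status | audit_passwd_status 90
```

The date field is treated as opaque text, so the check does not depend on how the last-change date is printed.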
Name service switch options
-D binddn
pwdutils January 2003 passwd(1)