3 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
4 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
6 .\" Manual: User Commands
7 .\" Source: User Commands
10 .TH "PASSWD" "1" "02/16/2011" "User Commands" "User Commands"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 passwd \- change user password
33 .HP \w'\fBpasswd\fR\ 'u
34 \fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR]
39 command changes passwords for user accounts\&. A normal user may only change the password for his/her own account, while the superuser may change the password for any account\&.
41 also changes the account or associated password validity period\&.
42 .SS "Password Changes"
44 The user is first prompted for his/her old password, if one is present\&. This password is then encrypted and compared against the stored password\&. The user has only one chance to enter the correct password\&. The superuser is permitted to bypass this step so that forgotten passwords may be changed\&.
46 After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time\&. If not,
48 refuses to change the password and exits\&.
50 The user is then prompted twice for a replacement password\&. The second entry is compared against the first and both are required to match in order for the password to be changed\&.
52 Then, the password is tested for complexity\&. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
62 lower case alphabetics
87 Care must be taken not to include the system default erase or kill characters\&.
89 will reject any password which is not suitably complex\&.
90 .SS "Hints for user passwords"
92 The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
94 System encryption method is based on the NBS DES algorithm\&. More recent methods are now recommended (see
95 \fBENCRYPT_METHOD\fR)\&. The size of the key space depends upon the randomness of the password which is selected\&.
97 Compromises in password security normally result from careless password selection or handling\&. For this reason, you should not select a password which appears in a dictionary or which must be written down\&. The password should also not be a proper name, your license number, birth date, or street address\&. Any of these may be used as guesses to violate system security\&.
99 You can find advices on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
102 The options which apply to the
106 \fB\-a\fR, \fB\-\-all\fR
108 This option can be used only with
110 and causes show status for all users\&.
113 \fB\-d\fR, \fB\-\-delete\fR
115 Delete a user\*(Aqs password (make it empty)\&. This is a quick way to disable a password for an account\&. It will set the named account passwordless\&.
118 \fB\-e\fR, \fB\-\-expire\fR
120 Immediately expire an account\*(Aqs password\&. This in effect can force a user to change his/her password at the user\*(Aqs next login\&.
123 \fB\-h\fR, \fB\-\-help\fR
125 Display help message and exit\&.
128 \fB\-i\fR, \fB\-\-inactive\fR \fIINACTIVE\fR
130 This option is used to disable an account after the password has been expired for a number of days\&. After a user account has had an expired password for
132 days, the user may no longer sign on to the account\&.
135 \fB\-k\fR, \fB\-\-keep\-tokens\fR
137 Indicate password change should be performed only for expired authentication tokens (passwords)\&. The user wishes to keep their non\-expired tokens as before\&.
140 \fB\-l\fR, \fB\-\-lock\fR
142 Lock the password of the named account\&. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a \(aa!\(aa at the beginning of the password)\&.
144 Note that this does not disable the account\&. The user may still be able to login using another authentication token (e\&.g\&. an SSH key)\&. To disable the account, administrators should use
145 \fBusermod \-\-expiredate 1\fR
146 (this set the account\*(Aqs expire date to Jan 2, 1970)\&.
148 Users with a locked password are not allowed to change their password\&.
151 \fB\-n\fR, \fB\-\-mindays\fR \fIMIN_DAYS\fR
153 Set the minimum number of days between password changes to
154 \fIMIN_DAYS\fR\&. A value of zero for this field indicates that the user may change his/her password at any time\&.
157 \fB\-q\fR, \fB\-\-quiet\fR
162 \fB\-r\fR, \fB\-\-repository\fR \fIREPOSITORY\fR
169 \fB\-S\fR, \fB\-\-status\fR
171 Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&.
174 \fB\-u\fR, \fB\-\-unlock\fR
176 Unlock the password of the named account\&. This option re\-enables a password by changing the password back to its previous value (to the value before using the
181 \fB\-w\fR, \fB\-\-warndays\fR \fIWARN_DAYS\fR
183 Set the number of days of warning before a password change is required\&. The
185 option is the number of days prior to the password expiring that a user will be warned that his/her password is about to expire\&.
188 \fB\-x\fR, \fB\-\-maxdays\fR \fIMAX_DAYS\fR
190 Set the maximum number of days a password remains valid\&. After
191 \fIMAX_DAYS\fR, the password is required to be changed\&.
195 Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&.
197 Users may not be able to change their password on a system if NIS is enabled and they are not logged into the NIS server\&.
200 The following configuration variables in
202 change the behavior of this tool:
204 \fBENCRYPT_METHOD\fR (string)
206 This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&.
208 It can take one of these values:
255 Note: this parameter overrides the
260 \fBMD5_CRYPT_ENAB\fR (boolean)
262 Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to
263 \fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to
265 if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is
268 This variable is superceded by the
270 variable or by any command line option used to configure the encryption algorithm\&.
272 This variable is deprecated\&. You should use
273 \fBENCRYPT_METHOD\fR\&.
276 \fBOBSCURE_CHECKS_ENAB\fR (boolean)
278 Enable additional checks upon password changes\&.
281 \fBPASS_ALWAYS_WARN\fR (boolean)
283 Warn about weak passwords (but still allow them) if you are root\&.
286 \fBPASS_CHANGE_TRIES\fR (number)
288 Maximum number of attempts to change password if rejected (too easy)\&.
291 \fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number)
293 Number of significant characters in the password for crypt()\&.
295 is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if
301 \fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number)
308 \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
310 With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
312 If not specified, the libc will choose the default number of rounds (5000)\&.
314 The values must be inside the 1000\-999999999 range\&.
317 \fBSHA_CRYPT_MIN_ROUNDS\fR
319 \fBSHA_CRYPT_MAX_ROUNDS\fR
320 values is set, then this value will be used\&.
323 \fBSHA_CRYPT_MIN_ROUNDS\fR
325 \fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&.
331 User account information\&.
336 Secure user account information\&.
341 Shadow password suite configuration\&.
347 command exits with the following values:
361 invalid combination of options
366 unexpected failure, nothing done
384 invalid argument to option