Initial commit for Tizen

[profile/extras/shadow-utils.git] / man / sv / passwd.1

'\" t
.\"     Title: passwd
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\"      Date: 16-02-2011
.\"    Manual: Anv\(:andarkommandon
.\"    Source: Anv\(:andarkommandon
.\"  Language: Swedish
.\"
.TH "PASSWD" "1" "16-02-2011" "Anv\(:andarkommandon" "Anv\(:andarkommandon"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAMN"
passwd \- \(:andra anv\(:andarl\(:osenord
.SH "SYNOPSIS"
.HP \w'\fBpasswd\fR\ 'u
\fBpasswd\fR [\fIflaggor\fR] [\fIINLOGGNINGSNAMN\fR]
.SH "BESKRIVNING"
.PP
The
\fBpasswd\fR
command changes passwords for user accounts\&. A normal user may only change the password for his/her own account, while the superuser may change the password for any account\&.
\fBpasswd\fR
also changes the account or associated password validity period\&.
.SS "L\(:osenords\(:andringar"
.PP
The user is first prompted for his/her old password, if one is present\&. This password is then encrypted and compared against the stored password\&. The user has only one chance to enter the correct password\&. The superuser is permitted to bypass this step so that forgotten passwords may be changed\&.
.PP
Efter att l\(:osenordet har matats in kontrolleras l\(:osenordets \(oaldringsinformation f\(:or att se om anv\(:andaren till\(oats att \(:andra l\(:osenord f\(:or tillf\(:allet\&. Om inte, nekar
\fBpasswd\fR
att \(:andra l\(:osenordet och avslutas\&.
.PP
Anv\(:andaren fr\(oagas sedan tv\(oa g\(oanger efter ett ers\(:attande l\(:osenord\&. Den andra inmatningen j\(:amf\(:ors mot den f\(:orsta och b\(oada m\(oaste st\(:amma \(:overens f\(:or att l\(:osenordet ska \(:andras\&.
.PP
Sedan testas l\(:osenordet f\(:or sin komplexitet\&. Som en allm\(:an riktlinje b\(:or l\(:osenord inneh\(oalla 6 till 8 tecken och inkluderas ett eller flera tecken fr\(oan var och en av f\(:oljande punkter:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
gemena bokst\(:aver ur alfabetet
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
siffrorna 0 till 9
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
skiljetecken
.RE
.PP
T\(:ank p\(oa att inte inkludera systemets standardtecken f\(:or radering eller d\(:oda\&.
\fBpasswd\fR
kommer att neka alla l\(:osenord som inte har l\(:amplig komplexitet\&.
.SS "Tips f\(:or anv\(:andarl\(:osenord"
.PP
The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
\fIUNIX\fR
System encryption method is based on the NBS DES algorithm\&. More recent methods are now recommended (see
\fBENCRYPT_METHOD\fR)\&. The size of the key space depends upon the randomness of the password which is selected\&.
.PP
Problem i l\(:osenordss\(:akerheten brukar normalt komma fr\(oan slarvigt valda l\(:osenord eller hantering\&. Av denna anledning b\(:or du inte v\(:alja ett l\(:osenord som finns i en ordbok eller som m\(oaste skrivas ner\&. L\(:osenordet b\(:or heller inte vara ett korrekt namn, ditt personnummer, f\(:odelsedatum eller gatuadress\&. Dessa kan anv\(:andas som gissningar f\(:or att ta sig in i systemet\&.
.PP
You can find advices on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
.SH "FLAGGOR"
.PP
Flaggorna som g\(:aller f\(:or kommandot
\fBpasswd\fR
\(:ar:
.PP
\fB\-a\fR, \fB\-\-all\fR
.RS 4
Denna flagga kan endast anv\(:andas med
\fB\-S\fR
och g\(:or att status visas f\(:or alla anv\(:andare\&.
.RE
.PP
\fB\-d\fR, \fB\-\-delete\fR
.RS 4
Ta bort en anv\(:andares l\(:osenord (g\(:or det blankt)\&. Detta \(:ar ett snabbt s\(:att att inaktivera ett l\(:osenord f\(:or ett konto\&. Det kommer att ta bort det angivna kontots l\(:osenord\&.
.RE
.PP
\fB\-e\fR, \fB\-\-expire\fR
.RS 4
L\(:osenordet f\(:or ett konto s\(:atts omedelbart som utg\(oanget\&. Detta kan tvinga en anv\(:andare att \(:andra sitt l\(:osenord vid n\(:asta inloggningsf\(:ors\(:ok\&.
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Visa hj\(:alpmeddelande och avsluta\&.
.RE
.PP
\fB\-i\fR, \fB\-\-inactive\fR\fIINAKTIV\fR
.RS 4
Denna flagga anv\(:ands f\(:or att inaktivera ett konto efter att l\(:osenordet har varit utg\(oanget i ett antal dagar\&. Efter att ett anv\(:andarkonto har haft ett utg\(oanget l\(:osenord i
\fIINAKTIV\fR
dagar f\(oar anv\(:andaren inte l\(:angre logga in med detta konto\&.
.RE
.PP
\fB\-k\fR, \fB\-\-keep\-tokens\fR
.RS 4
Indicate password change should be performed only for expired authentication tokens (passwords)\&. The user wishes to keep their non\-expired tokens as before\&.
.RE
.PP
\fB\-l\fR, \fB\-\-lock\fR
.RS 4
Lock the password of the named account\&. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a \(aa!\(aa at the beginning of the password)\&.
.sp
Note that this does not disable the account\&. The user may still be able to login using another authentication token (e\&.g\&. an SSH key)\&. To disable the account, administrators should use
\fBusermod \-\-expiredate 1\fR
(this set the account\*(Aqs expire date to Jan 2, 1970)\&.
.sp
Users with a locked password are not allowed to change their password\&.
.RE
.PP
\fB\-n\fR, \fB\-\-mindays\fR \fIMIN_DAYS\fR
.RS 4
S\(:atter minimalt antal dagar mellan l\(:osenords\(:andringar till
\fIMIN_DAGAR\fR\&. Ett nollv\(:arde f\(:or detta f\(:alt betyder att anv\(:andaren kan \(:andra sitt l\(:osenord n\(:ar som helst\&.
.RE
.PP
\fB\-q\fR, \fB\-\-quiet\fR
.RS 4
Tyst l\(:age\&.
.RE
.PP
\fB\-r\fR, \fB\-\-repository\fR\fIF\(:ORR\(oAD\fR
.RS 4
change password in
\fIREPOSITORY\fR
repository
.RE
.PP
\fB\-S\fR, \fB\-\-status\fR
.RS 4
Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&.
.RE
.PP
\fB\-u\fR, \fB\-\-unlock\fR
.RS 4
Unlock the password of the named account\&. This option re\-enables a password by changing the password back to its previous value (to the value before using the
\fB\-l\fR
option)\&.
.RE
.PP
\fB\-w\fR, \fB\-\-warndays\fR\fIVARN_DAGAR\fR
.RS 4
S\(:atter antalet dagar f\(:or varning f\(:ore ett l\(:osenord beh\(:over \(:andras\&. Flaggan
\fIVARN_DAGAR\fR
\(:ar antalet dagar f\(:ore anv\(:andaren varnas om att l\(:osenordet \(:ar p\(oa v\(:ag att bli utg\(oanget\&.
.RE
.PP
\fB\-x\fR, \fB\-\-maxdays\fR\fIMAX_DAGAR\fR
.RS 4
S\(:atter maximalt antal dagar som ett l\(:osenord ska vara giltigt\&. Efter
\fIMAX_DAGAR\fR
kr\(:avs det att l\(:osenordet \(:andras\&.
.RE
.SH "T\(:ANK P\(oA"
.PP
Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&.
.PP
Users may not be able to change their password on a system if NIS is enabled and they are not logged into the NIS server\&.
.SH "CONFIGURATION"
.PP
The following configuration variables in
/etc/login\&.defs
change the behavior of this tool:
.PP
\fBENCRYPT_METHOD\fR (string)
.RS 4
This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&.
.sp
It can take one of these values:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIDES\fR
(default)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIMD5\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fISHA256\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fISHA512\fR
.RE
.sp
Note: this parameter overrides the
\fBMD5_CRYPT_ENAB\fR
variable\&.
.RE
.PP
\fBMD5_CRYPT_ENAB\fR (boolean)
.RS 4
Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to
\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to
\fIno\fR
if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is
\fIno\fR\&.
.sp
This variable is superceded by the
\fBENCRYPT_METHOD\fR
variable or by any command line option used to configure the encryption algorithm\&.
.sp
This variable is deprecated\&. You should use
\fBENCRYPT_METHOD\fR\&.
.RE
.PP
\fBOBSCURE_CHECKS_ENAB\fR (boolean)
.RS 4
Enable additional checks upon password changes\&.
.RE
.PP
\fBPASS_ALWAYS_WARN\fR (boolean)
.RS 4
Warn about weak passwords (but still allow them) if you are root\&.
.RE
.PP
\fBPASS_CHANGE_TRIES\fR (number)
.RS 4
Maximum number of attempts to change password if rejected (too easy)\&.
.RE
.PP
\fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number)
.RS 4
Number of significant characters in the password for crypt()\&.
\fBPASS_MAX_LEN\fR
is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if
\fBMD5_CRYPT_ENAB\fR
set to
\fIyes\fR\&.
.RE
.PP
\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number)
.RS 4
When
\fBENCRYPT_METHOD\fR
is set to
\fISHA256\fR
or
\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
.sp
With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
.sp
If not specified, the libc will choose the default number of rounds (5000)\&.
.sp
The values must be inside the 1000\-999999999 range\&.
.sp
If only one of the
\fBSHA_CRYPT_MIN_ROUNDS\fR
or
\fBSHA_CRYPT_MAX_ROUNDS\fR
values is set, then this value will be used\&.
.sp
If
\fBSHA_CRYPT_MIN_ROUNDS\fR
>
\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&.
.RE
.SH "FILER"
.PP
/etc/passwd
.RS 4
Anv\(:andarkontoinformation\&.
.RE
.PP
/etc/shadow
.RS 4
S\(:aker anv\(:andarkontoinformation\&.
.RE
.PP
/etc/login\&.defs
.RS 4
Shadow password suite configuration\&.
.RE
.SH "AVSLUTNINGSV\(:ARDEN"
.PP
Kommandot
\fBpasswd\fR
avslutas med f\(:oljande v\(:arden:
.PP
\fI0\fR
.RS 4
lyckad
.RE
.PP
\fI1\fR
.RS 4
\(oatkomst nekad
.RE
.PP
\fI2\fR
.RS 4
ogiltig kombination av flaggor
.RE
.PP
\fI3\fR
.RS 4
ov\(:antat fel, ingenting har genomf\(:orts
.RE
.PP
\fI4\fR
.RS 4
ov\(:antat fel, filen
passwd
saknas
.RE
.PP
\fI5\fR
.RS 4
Filen
passwd
\(:ar upptagen, f\(:ors\(:ok igen
.RE
.PP
\fI6\fR
.RS 4
ogiltigt argument till flagga
.RE
.SH "SE OCKS\(oA"
.PP

\fBpasswd\fR(5),
\fBshadow\fR(5),
\fBlogin.defs\fR(5),
\fBusermod\fR(8)\&.