irix - passwd (1)




NAME
     passwd - change login password and password attributes


SYNOPSIS
     passwd [ name ]

     passwd [ -l | -d ] [ -n min ] [ -f ] [ -x max ] [ -w warn ] name

     passwd -s [ -a ]

     passwd -s [ name ]


DESCRIPTION
     The passwd	command	changes	the password or	lists password attributes
     associated	with the user's	login name.  Additionally, super-users may use
     passwd to install or change passwords and attributes associated with any
     login name.  Passwords for	NIS entries that don't override	the passwd
     field with	a local	value must be changed with yppasswd(1).

     When used to change a password, passwd prompts ordinary users for their
     old password, if any.  It then prompts for	the new	password twice.	The
     first time	the new	password is entered passwd checks to see if the	old
     password has ``aged'' sufficiently. (Aging is not supported for NIS
     entries, even if they have locally overridden passwords.)  Password
     "aging" is	the amount of time (usually a certain number of	days) that
     must elapse between password changes.  If ``aging'' is insufficient the
     new password is rejected and passwd terminates;  see passwd(4).

     Assuming ``aging'' is sufficient, a check is made to ensure that the new
     password meets construction requirements.	When the new password is
     entered a second time, the	two copies of the new password are compared.
     If	the two	copies are not identical the cycle of prompting	for the	new
     password is repeated for at most two more times.

     Passwords must be constructed to meet the following requirements:

	  Each password	must have at least six characters.  Only the first
	  eight	characters are significant.

	  Each password	must contain at	least two alphabetic characters	and at
	  least	one numeric or special character.  In this case,
	  ``alphabetic'' means upper and lower case letters.

	  Each password	must differ from the user's login name and any reverse
	  or circular shift of that login name.	 For comparison	purposes, an
	  upper	case letter and	its corresponding lower	case letter are
	  equivalent.

	  New passwords	must differ from the old by at least three characters.
	  For comparison purposes, an upper case letter	and its	corresponding
	  lower	case letter are	equivalent.
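
     The construction requirements above, written out as a checker. This is
     an added example, not the source of passwd: the function names are
     hypothetical, the "differ by at least three characters" rule is read
     as a position-by-position count, and the composition rule is applied
     to the first eight characters only, since the rest are not significant.

```python
import string

SIGNIFICANT = 8  # only the first eight characters are significant


def forbidden_forms(login):
    """Login name, its reverse, and every circular shift, lower-cased."""
    n = login.lower()
    return {n, n[::-1]} | {n[i:] + n[:i] for i in range(len(n))}


def char_diff(old, new):
    """Count positions where old and new differ, ignoring case.

    Assumption: a difference in length counts as differing positions.
    """
    a, b = old.lower(), new.lower()
    same = sum(1 for x, y in zip(a, b) if x == y)
    return max(len(a), len(b)) - same


def check_password(login, old, new):
    """Return the list of construction rules that `new` violates."""
    problems = []
    if len(new) < 6:
        problems.append("shorter than six characters")
    # Characters past the eighth add nothing, so judge what is actually kept.
    eff = new[:SIGNIFICANT]
    alpha = sum(c in string.ascii_letters for c in eff)
    if alpha < 2 or len(eff) - alpha < 1:
        problems.append("needs two letters and one numeric or special character")
    if new.lower() in forbidden_forms(login):
        problems.append("matches login name, its reverse or a circular shift")
    if old and char_diff(old[:SIGNIFICANT], eff) < 3:
        problems.append("differs from old password by fewer than three characters")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the digit in "abcdefgh1" sits in position nine.
    for new in ("Winter#2", "abcdefgh1", "Spr1ng!Rain"):
        print(new, check_password("alice", "Winter#1", new) or "ok")
```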

     One whose effective user ID is zero is called a super-user; see id(1),
     and su(1).	 Super-users may change	any password; hence, passwd does not
     prompt super-users	for the	old password.  Super-users are not forced to
     comply with password aging	and password construction requirements.	 A
     super-user	can create a null password by entering a carriage return in
     response to the prompt for	a new password.	 (This differs from passwd -d
     because the "password" prompt will	still be displayed.)

     Any user may use the -s option to show password attributes	for his	or her
     own login name.

     The format	of the display will be:

	  name status uid gid directory	shell mm/dd/yy min max

     or, if password aging information is not present,

	  name status uid gid directory	shell

     or, if the	entry is from NIS,

	  name status directory	shell

     where

     name	 The login ID of the user.

     status	 The password status of	name: "PS" stands for passworded or
		 locked, "LK" stands for locked, and "NP" stands for no
		 password.

     uid	 Numerical user	ID

     gid	 Numerical group ID

     directory	 Initial working directory

     shell	 Program to use as shell when the user logs in.

     mm/dd/yy	 The date password was last changed for	name.  (Because	all
		 password aging	dates are determined using Greenwich Mean Time
		 and /etc/passwd stores	the information	in weeks, the date may
		 differ	by as much as a	week depending upon the	local time
		 zone.)

     min	 The minimum number of days required between password changes
		 for name.

     max	 The maximum number of days the	password is valid for name.
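
     An added example (not part of the IRIX distribution) that parses the
     three display formats above and reports accounts worth a second look:
     no password, locked, aging absent, or min greater than max as described
     under -n below. The sample lines and all names in the code are
     constructed for illustration.

```python
from typing import NamedTuple, Optional

# Constructed sample of `passwd -s -a` output (not from a real system).
SAMPLE = """\
root PS 0 0 / /bin/csh 03/14/97 7 90
guest NP 998 998 /usr/people/guest /bin/csh
ops LK 1021 20 /usr/people/ops /bin/sh 01/02/97 30 14
nisuser PS /usr/people/nisuser /bin/tcsh
"""

class Entry(NamedTuple):
    name: str
    status: str
    nis: bool
    min_days: Optional[int]
    max_days: Optional[int]

def parse_line(line):
    f = line.split()
    if len(f) == 9:    # name status uid gid directory shell mm/dd/yy min max
        return Entry(f[0], f[1], False, int(f[7]), int(f[8]))
    if len(f) == 6:    # local entry without aging information
        return Entry(f[0], f[1], False, None, None)
    if len(f) == 4:    # NIS entry: name status directory shell
        return Entry(f[0], f[1], True, None, None)
    raise ValueError("unrecognised passwd -s line: %r" % line)

def findings(e):
    out = []
    if e.status == "NP":
        out.append("no password")
    if e.status == "LK":
        out.append("locked; rhosts(4) logins still possible")
    if e.nis:
        out.append("NIS entry; aging not supported")
    elif e.max_days is None or e.max_days == -1:
        out.append("aging off or not present")
    elif e.min_days > e.max_days:
        out.append("min > max; user cannot change password")
    return out

def audit(text):
    """Map each login name to its list of findings."""
    return {e.name: findings(e)
            for e in map(parse_line, filter(str.strip, text.splitlines()))}

if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print(name, "-", "; ".join(notes) or "ok")
```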



     Only a super-user can use the following options:

     -l	       Locks password entry for	name, preventing all logins to that
	       account,	except via the rhosts(4) mechanism.  Note that this
	       feature allows a	denial of service attack that may require
	       booting from the	miniroot to fix, as even the root accounts can
	       be locked out.

     -d	       Deletes password	for name.  The login name will not be prompted
	       for password.

     -n	       Set minimum field for name.  The	min field contains the minimum
	       number of days between password changes for name.  If min is
	       greater than max, the user may not change the password.	Always
	       use this	option with the	-x option, unless max is set to	-1
	       (aging turned off).  In that case, min need not be set.

     -x	       Set maximum field for name.  The	max field contains the number
	       of days that the	password is valid for name.  The aging for
	       name will be turned off immediately if max is set to -1.	 If it
	       is set to 0, then the user is forced to change the password at
	       the next	login session and aging	is turned off.

     -a	       Show password attributes	for all	entries.  Use only with	-s
	       option; name must not be	provided.

     -f	       Force the user to change	password at the	next login by expiring
	       the password for	name.

     -w	       The warn	argument indicates the number of days before the
	       password	expires	that the user is warned.


NOTE
     Aging does	not work with NIS entries, even	if the password	is locally
     overridden.


FILES
     /etc/passwd, /etc/opasswd,	/etc/.pwd.lock,	/etc/shadow, /etc/oshadow


SEE ALSO
     id(1M), login(1), su(1M).
     yppasswd(1) for NIS passwords.
     crypt(3C),	passwd(4), shadow(4).


DIAGNOSTICS
     The passwd	command	exits with one of the following	values:

     0	       SUCCESS.

     1	       Permission denied.


     2	       Invalid combination of options.

     3	       File manipulation error.

     4	       Old password or shadow password file cannot be recovered.

     5	       Password	file(s)	busy.  Try again later.

     6	       Invalid argument	to option.

     7	       Unexpected failure.  Password file unchanged.

     8	       Unknown login name.

     9	       Password	aging is disabled.