|Previous||Table of Contents||Next|
The external passwd command allows you to create or change the password associated with your user name. The super-user (system administrator) can change any user's password and is not prompted for the old password. As a user you can only change your password.
Following is the general format for the passwd command.
passwd [ user_name ] passwd [ -df ][ -n min ][ -x max ][ -w warn ]user_name passwd [ -fl ][ -n min ][ -x max ][ -w warn ]user_name passwd -s[-a ] passwd -s[ user_name ]
|passwd [ -fs ][ user_name ]|
The following list describes the options used to control how passwd functions.
|-d||Deletes the password for user_name. The user_name will not be prompted for a password.|
|-f||Force the password to expire. The user_name is forced to enter a new password at the next login.|
|-l||Lock the password entry for user_name. No changes may be made.|
|-n min||Set the minimum number of days between password changes.|
|-s||Display (show) password attributes for user user_name. If no user_name is specified, your login user_name is used. The format of the information is,|
|user-name status mm/dd/yy min max warn|
|or, if no password aging information is present|
|user_name||The login ID of a user|
|status||The password status|
|mm/dd/yy||The date the password was last changed|
|min||The minimum number of days between password changes. The label MINWEEKS specifies the default. It is located in the /etc/default/passwd file and is set to NULL. If min is greater than max, the user may not change the password. Always use with the -x option.|
|max||The maximum number of days the password is valid. The user is forced to change the password every max days. The label MAXWEEKS specifies the default. It is located in the /etc/default/passwd file and is set to NULL. If max is set to -1 then aging is turned off. If it is set to 0 then user_name is forced to change the password at the next login and aging is turned off.|
|warn||The number of days before the password expires, based on max, that the user_name will be warned.|
|-a||Display password attributes for all entries in the password file.|
|-w warn||Set the number of days before the password expires to notify the user_name.|
|-x max||Set the maximum number of days the password is valid.|
|-f||Allows you to change the information field of the /etc/passwd file for your login. Refer to chfn in Module 15 for further information.|
|-s||Allows you to change the login shell in the /etc/passwd file for your login.|
The following list describes the argument that may be passed to the passwd command.
|user_name||A valid user name in the /etc/passwd file. The user name is the first column (colon-separated columns) of the /etc/passwd file. Only the super-user can change another user's password.|
The use of passwords and their implementation is highly dependent upon your company's security policy and your system administrator. Some system administrators don't require passwords, while others require passwords, perform full accounting on every user, and implement password aging. Check with you system administrator for the requirements placed on your account.
The passwd command is capable of checking the elapsed time since the password was last changed, referred to as password aging. If the elapsed time is sufficient, then the user is allowed to change the password. Password aging also requires that a user must change passwords after a specified amount of time. The system administrator decides if password aging is activated and how long each password is aged.
|Most BSD based systems do not provide password aging. You should check your reference manual for specific password implementations on your system.|
The following is a list of requirements that a password must meet before passwd will allow it as your password.
|Berkeley is much more lenient about passwords. The following requirements must be met for a valid password.|
|1. Must contain four characters. Upper and lowercase.|
|2. Must contain six characters if only monocase.|
Refer to the login command described in Module 77 and the su command described in Module 127. To change your information field refer to the chfn command in Module 15.
The passwd utility reads the /etc/passwd file to retrieve the existing password and store the new password. The /etc/shadow file is used to store secure password information. Some BSD systems support a type of shadow file.
The passwd command returns the following return codes upon completion:
|2||Invalid combination of options|
|3||Unexpected failure, the password file is left unchanged|
|4||Unexpected failure, the password file is missing|
|5||The password file is busy, try again later|
|6||Invalid argument to an option|
The $? ($status-csh) shell variable contains the return code. So echo $? will display the return status.
The passwd utility is used to create a new password for a user or change an existing password. It provides a means of user security on the system. By changing your password once or twice a month you reduce the chance of another user learning your current password. The use of passwords is dependent on your company's security policy and your system administrator's implementation of security features. It is advisable to use a password and change it every two weeks even if it's not required of you.
TIP: Your password should be some meaningless string of intermixed numbers, characters, and symbols. Names of friends, wives, husbands, etc. are easily guessed by the criminal/jerk next door, down the street, or around the world.
In this activity you use the passwd command to change your password. The prompts that are returned from different password programs may vary but the requested response is the same.
cj> passwd Enter old passwd:
cj> passwd Enter old passwd: Enter new passwd:
cj> passwd Enter old passwd: Enter new passwd: Re-enter new passwd:
Mismatch - passwd not updated!
|Previous||Table of Contents||Next|