passwd(1)

passwd -- change login password and password attributes

Synopsis

passwd [login_name]

passwd [-l | -d] [-f] [-x max] [-n min] [-w warn] login_name

passwd -s [-a]

passwd -s [login_name]

passwd -p

Description

The passwd command lets any user change the password or get a list of the current password attributes for his or her login_name. Privileged users may run passwd to perform these functions for any user, and to set the password attributes for any user. The command can be used to change passwords in the Network Information Service (NIS) database.

A password is usually assigned by an administrator while creating a user account for the owner of the login name login_name. Later the user can change the password either by running the passwd command without any options or by invoking the -p option to the login procedure.

To use the latter method, enter a -p immediately after the login prompt (before entering login_name):

   login: -p login_name

The login scheme then calls the passwd command.

See login(1) for details.

Command syntax

Any user may use the -s option:

-s: Show password attributes for the user's own login_name.

Only a privileged user may use the following options:

-d: Delete the password for login_name so that the user is not prompted for a password.
-f: Force the user to change the password at the next login by expiring the password for login_name.
-l: Lock the password entry for login_name.
-n min: Specify the minimum number of days between password changes for user login_name. Always use this option with the -x option unless max is set to -1 (aging turned off). In that case, min need not be set.
-p: Generate an encrypted password on the standard output from a plain text password entered in response to a prompt.
-s: Show password attributes for login_name.
-s -a: Show the password attributes for all users.
-w warn: Specify the number of days (relative to max) on which user login_name will be warned before the password expires.
-x max: Specify the number of days the password is valid for user login_name.

Password construction

Passwords must be constructed to meet the following requirements:

Each password must have at least PASSLENGTH characters as defined in /etc/default/passwd. PASSLENGTH must be at least 3. The first 80 characters of a password are treated as significant (this is the value of PASS_MAX in /usr/include/limits.h).
Each password must contain at least two alphabetic characters and at least one numeric or special character. (In this case, ``alphabetic'' includes all uppercase and lowercase letters.)
Each password must differ from the user's login name and any reverse or circular shift of that login name. (Corresponding uppercase and lowercase letters are considered equivalent.)
A new password must differ from the old one by at least three characters.

If a password generator program has been specified for a user through the useradd (or usermod) command, passwd calls the password generator program to generate possible passwords for the user to select; when a password generator is used, none of the normally required password construction rules are enforced.

Operation

When used to change a password, passwd prompts ordinary users for their old password, if any. If sufficient time has passed since the old password was set, passwd then prompts the user twice for the new password; otherwise it terminates. Next, passwd checks to make sure the new password meets construction requirements. When the new password is entered a second time, the two copies of the new password are compared. If the two copies are not identical, the cycle of prompting for the new password is repeated a maximum of twice.

Privileged users may change any password; the passwd command does not prompt a privileged user for an old password. Privileged users are not forced to comply with password aging and password construction requirements. Such users can create a null password by pressing <Enter> in response to the prompt for a new password. (This differs from passwd -d because the Password: prompt will still be displayed.)

Local passwords and NIS passwords

Passwords and information related to passwords are kept in two files on the system, /etc/passwd and /etc/shadow. An NIS database containing passwords is also maintained for NIS users. In the case where a user has entries in both the local /etc/passwd file and the NIS database, the password that will be updated is determined primarily by two factors:

if a user has an entry in this database, the local password is always the one that is updated. This database is usually created at boot time by creatiadb(1M). Note that user logins that begin with a + or - character are ignored by creatiadb and therefore do not have corresponding entries in the I&A database.
if a user has a password specified in the local /etc/shadow file, this password will always be updated, whether or not the same user has an entry in the NIS passwd database. If the user has an /etc/shadow entry with no password, then passwd will update the user's entry in the NIS passwd database.

Password aging

Passwords are valid for finite periods (defined by the system administrator), after which they must be changed. Therefore a record must be kept of each password and the period for which it's active. As the expiration date for a password approaches, its owner is warned to choose a new password before a specified number of days elapses. The process of monitoring password schedules and notifying users about their passwords, when necessary, is called password aging.

Information about the password for each user on the system is kept in /etc/shadow, which is readable only by privileged users.

Each user's line in /etc/shadow has four parameters that affect password aging:

lastchanged:: The date on which the password for the user was last changed. (Note that this date is determined using Greenwich Mean Time and, therefore, may differ by as much as a day in other time zones.)
minimum:: The number of days that must elapse after the lastchanged date before the password for the user can be changed.
maximum:: The number of days for which the password for the user will be valid after the lastchanged date (after which it will be necessary to change the password). This number does not include the day on which the password is set.
warn:: The number of days the user will receive warnings about the impending expiration of his or her password. Thus, for example, if the value of warn is 7, the owner of login_name will start receiving warnings a week before the password expires.

The last three of these parameters may be set by the command line options -n, -x, and -w, respectively. In the absence of command options, their values are set from the /etc/default/passwd file. The ``Defaults'' section describes these parameters.

If minimum is greater than maximum, the user may not change the password. Aging for login_name is turned off immediately if maximum is set to -1. If maximum is set to 0, the user is forced to change the password at the next login session after the lastchanged date, and aging is turned off at that time.

Password aging is never turned off directly by the command line passwd -x 0 login_name. Instead, this command sets the ``maximum'' field to 0. If the ``lastchanged'' field is not 0, the aging fields will be cleared the next time the passwd command is used to change the user's password. If, however, the ``lastchanged'' field is set to 0, the aging fields are not changed.

If you expect the aging fields to be cleared and they're not, the explanation could be that the ``lastchanged'' field has been set to 0 without your realizing it. There are two possible explanations.

You (the administrator) may have expired a user's password by running the command passwd -f login_name. In this case, the value of lastchanged would have been set to 0.
The ``maximum'' field may have been clear when you issued the command passwd -x 0 login_name. In this case, the passwd command itself would have set the value of lastchanged to 0.

Displaying password attributes

When the passwd command is used to show password attributes, the format of the display is:

   login_name status lastchanged minimum maximum warn

or, if password aging information is not present,

   login_name status

The fields are defined as follows:

login_name: The login ID of the user.
status: The password status of login_name: PS stands for passworded, LK stands for locked, and NP stands for no password.

The last four fields are as defined under Password Aging.

Defaults

By assigning values to a set of parameters in the file /etc/default/passwd, an administrator can control the aging and length of passwords. The following parameters are available.

MINALPHA: Minimum number of alphanumeric chars a password must have (default is 2).
MINDIFF: Minimum number of characters old and new password must differ (default is 3).
MINDIGIT: Minimum number of digits (default is 1); only one of MINDIGIT or MINOTHER can be set.
MINOTHER: Minimum number of other [special] characters (default is 1); only one of MINOTHER or MINDIGIT can be set.
MINWEEKS: Minimum number of weeks before a password can be changed. In a delivered system, the value is 0.
MAXWEEKS: Maximum number of weeks a password can be unchanged. In a delivered system, the value is 24.
WARNWEEKS: Number of weeks before a password expires that the user is to be warned. In a delivered system, the value is 1.
PASSLENGTH: Minimum number of characters in a password. In a delivered system, the value is 3.

Note that the passwd command option arguments min, max, and warn and the corresponding /etc/shadow fields ``minimum'', ``maximum'', and ``warn'' treat aging in terms of days; the corresponding /etc/default/passwd fields, MINWEEKS, MAXWEEKS, and WARNWEEKS, in terms of weeks.

When password aging is off for a user but default aging values exist in /etc/default/passwd, then password aging will be turned on when the user's password is changed.

Files

/etc/shadow
/etc/passwd
/etc/oshadow
/etc/opasswd
/etc/default/passwd
/usr/lib/locale/locale/LC_MESSAGES/uxcore.abi: language-specific message file (see LANG on environ(5).)
/etc/security/ia/index: index into /etc/security/ia/master
/etc/security/ia/master: contains all I&A information about users

Diagnostics

The passwd command exits with a return code of 0 upon successful completion. Following are reasons for failure:

permission denied
invalid combination of options
unexpected failure; password file unchanged
unexpected failure; password file(s) missing
password file(s) busy; try again later
invalid argument to option
unexpected failure
unknown ID
aging disabled
password may only be changed at login time

Some errors could be due to a missing or corrupted /etc/shadow file. Check the /etc/shadow file and, if necessary, create it using the pwconv(1M) command. The pwconv command creates a new /etc/shadow file using the currently defined logins, passwords, and password aging information found in the existing /etc/passwd and /etc/security/ia files.

References

crypt(3G), id(1M), login(1), passwd(4), pwconv(1M), shadow(4), su(1M), useradd(1M), userdel(1M), usermod(1M)

Notices

If root runs the passwd -d command to delete a password for a user for whom password aging is in effect, that user will not be allowed to add a new password until the NULL password has been aged. This is true even if the PASSREQ flag in /etc/default/login is set to YES. This results in a user without a password. We recommend you use the -f option whenever you use -d to delete a password. By doing so, you'll ensure the user is forced to change his or her password when he or she next logs in.