passwd(1)
- NetBSD Manual Pages
PASSWD(1) NetBSD Reference Manual PASSWD(1)
NAME
passwd, yppasswd, kpasswd - modify a user's password
SYNOPSIS
passwd [-l] [user]
passwd [-y] [user]
passwd [-4] [-k] [-i instance] [-r realm] [-u fullname] [user]
passwd [-5] [-k] [-u fullname] [user]
kpasswd [-4] [-k] [-i instance] [-r realm] [-u fullname] [user]
kpasswd [-5] [-k] [-u fullname] [user]
yppasswd [user]
DESCRIPTION
passwd changes the user's local, YP, or kerberos password. First, the
user is prompted for their current password. If the current password is
correctly typed, a new password is requested. The new password must be
entered twice to avoid typing errors.
The new password should be at least six characters long and not purely
alphabetic. Its total length must be less than _PASSWORD_LEN (currently
128 characters). Numbers, upper case letters and meta characters are en-
couraged.
All options may not be available on all systems.
-l This option causes the password to be updated only in the local
password file. When changing only the local password, pwd_mkdb(8)
is used to update the password databases.
-y This forces the YP password database entry to be changed, even if
the user has an entry in the local database. The rpc.yppasswdd(8)
daemon should be running on the YP master server. yppasswd is the
equivalent of passwd with the -y flag.
-4 This option causes passwd to change the user's kerberos password,
using the kerberos 4 admin protocol.
-5 This option causes passwd to change the user's kerberos password,
using the kerberos 5 admin protocol.
-k This option causes passwd to change the user's kerberos password,
using either the kerberos 4 or kerberos 5 admin protocol. If both
kerberos 4 and kerberos 5 libraries and config files are installed
on the host, kerberos 5 will be used to change the password.
kpasswd is the equivalent of passwd with the -k flag.
-i instance
This option selects a non-default Kerberos 4 instance for the Ker-
beros password to be changed.
-r realm
This option selects a non-default Kerberos 4 realm for the Kerberos
password to be changed.
-u fullname
This option specifies the entire principal.instance@realm (for Ker-
beros 4) or principal/instance@realm (for Kerberos 5) for the Ker-
beros password to be changed.
This is the behavior if no flags are specified: If Kerberos is active
then passwd will talk to the Kerberos server, attempting to use Kerberos
5, then Kerberos 4 protocols to change the password (even if the user has
an entry in the local database.) If Kerberos is unavailable, an attempt
is made to use the YP database. If the password is not in the YP
database, then an attempt is made to use the local password database.
The super-user is not required to provide a user's current password if
only the local password is modified.
The type of cipher used to encrypt the password depends on the configura-
tion in passwd.conf(5). It can be different for local and YP passwords.
FILES
/etc/master.passwd The user database
/etc/passwd A Version 7 format password file
/etc/passwd.XXXXXX Temporary copy of the password file
SEE ALSO
chpass(1), login(1), passwd(5), passwd.conf(5), pwd_mkdb(8), vipw(8)
Robert Morris and Ken Thompson, UNIX password security.
HISTORY
A passwd command appeared in Version 6 AT&T UNIX.
NetBSD 1.6 June 6, 1993 2
Powered by man-cgi (2024-03-20).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.