kpasswd(1) - NetBSD Manual Pages

PASSWD(1)               NetBSD General Commands Manual               PASSWD(1)


NAME
passwd, yppasswd, kpasswd - modify a user's password
SYNOPSIS
passwd [-l] [user] passwd [-y] [user] passwd [-4] [-k] [-i instance] [-r realm] [-u fullname] [user] passwd [-5] [-k] [-u fullname] [user] kpasswd [-4] [-k] [-i instance] [-r realm] [-u fullname] [user] kpasswd [-5] [-k] [-u fullname] [user] yppasswd [user]
DESCRIPTION
passwd changes the user's local, YP, or Kerberos password. First, the user is prompted for their current password. If the current password is correctly typed, a new password is requested. The new password must be entered twice to avoid typing errors. The new password should be at least six characters long and not purely alphabetic. Its total length must be less than _PASSWORD_LEN (currently 128 characters). Numbers, upper case letters and meta characters are encouraged. All options may not be available on all systems. -l This option causes the password to be updated only in the local password file. When changing only the local password, pwd_mkdb(8) is used to update the password databases. -y This forces the YP password database entry to be changed, even if the user has an entry in the local database. The rpc.yppasswdd(8) daemon should be running on the YP master server. yppasswd is the equivalent of passwd with the -y flag. -4 This option causes passwd to change the user's Kerberos password, using the Kerberos 4 admin protocol. -5 This option causes passwd to change the user's Kerberos password, using the Kerberos 5 admin protocol. -k This option causes passwd to change the user's Kerberos password, using either the Kerberos 4 or Kerberos 5 admin protocol. If both Kerberos 4 and Kerberos 5 libraries and config files are installed on the host, Kerberos 5 will be used to change the password. kpasswd is the equivalent of passwd with the -k flag. Kerberos password changing will only be attempted when Kerberos has been enabled on the host by adding configuration files for Kerberos. For Kerberos 5, see krb5.conf(5). -i instance This option selects a non-default Kerberos 4 instance for the Ker- beros password to be changed. -r realm This option selects a non-default Kerberos 4 realm for the Kerberos password to be changed. -u fullname This option specifies the entire principal.instance@realm (for Ker- beros 4) or principal/instance@realm (for Kerberos 5) for the Ker- beros password to be changed. This is the behavior if no flags are specified: If Kerberos is configured then passwd will talk to the Kerberos server, attempting to use Kerberos 5, then Kerberos 4 protocols to change the password (even if the user has an entry in the local database.) If Kerberos is unavailable, an attempt is made to use the YP database. If the password is not in the YP data- base, then an attempt is made to use the local password database. The super-user is not required to provide a user's current password if only the local password is modified. The type of cipher used to encrypt the password depends on the configura- tion in passwd.conf(5). It can be different for local and YP passwords.
FILES
/etc/master.passwd The user database /etc/passwd A Version 7 format password file /etc/passwd.XXXXXX Temporary copy of the password file
SEE ALSO
chpass(1), login(1), passwd(5), passwd.conf(5), pwd_mkdb(8), vipw(8) Robert Morris and Ken Thompson, UNIX password security.
HISTORY
A passwd command appeared in Version 6 AT&T UNIX. NetBSD 2.0 April 5, 2003 NetBSD 2.0

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.