PASSWD linux command manual

PASSWD(1)                  User utilities                      PASSWD(1)

       passwd - update a user's authentication tokens(s)

       passwd  [-k]  [-l]  [-u [-f]] [-d] [-n mindays] [-x maxdays] [-w warn-
       days] [-i inactivedays] [-S] [username]

       Passwd is used to update a user's authentication token(s).

       Passwd is configured to work through the Linux-PAM API.   Essentially,
       it  initializes  itself  as a "passwd" service with Linux-PAM and uti-
       lizes configured password modules to authenticate and  then  update  a
       user's password.

       A  simple  entry  in the Linux-PAM configuration file for this service
       would be:

        # passwd service entry that does strength checking of
        # a proposed password before updating it.
        passwd password requisite \
                    /usr/lib/security/ retry=3
        passwd password required \
                    /usr/lib/security/ use_authtok

       Note, other module-types are not  required  for  this  application  to
       function correctly.

       -k     The option, -k, is used to indicate that the update should only
              be for expired  authentication  tokens  (passwords);  the  user
              wishes to keep their non-expired tokens as before.

       -l     This  option  is  used  to lock the specified account and it is
              available to root only. The locking is performed  by  rendering
              the encrypted password into an invalid string (by prefixing the
              encrypted string with an !).

              This option is used to indicate that passwd should read the new
              password from standard input, which can be a pipe.

       -u     This  is  the  reverse  of  the  -l option - it will unlock the
              account password by removing  the  !  prefix.  This  option  is
              available to root only. By default passwd will refuse to create
              a passwordless account (it will not unlock an account that  has
              only "!" as a password). The force option -f will override this

       -d     This is a quick way to disable a password for  an  account.  It
              will  set  the  named  account  passwordless. Available to root

       -n     This will set the minimum password lifetime, in  days,  if  the
              user's  account supports password lifetimes.  Available to root

       -x     This will set the maximum password lifetime, in  days,  if  the
              user's  account supports password lifetimes.  Available to root

       -w     This will set the number of days in advance the user will begin
              receiving warnings that her password will expire, if the user's
              account supports password lifetimes.  Available to root only.

       -i     This will set the number of days  which  will  pass  before  an
              expired  password  for  this account will be taken to mean that
              the account is inactive and should be disabled, if  the  user's
              account supports password lifetimes.  Available to root only.

       -S     This  will  output  a short information about the status of the
              password for a given account. Available to root user only.

Remember the following two principles
       Protect your password.
              Don't write down your password - memorize it.   In  particular,
              don't  write  it down and leave it anywhere, and don't place it
              in an unencrypted file!  Use unrelated  passwords  for  systems
              controlled  by  different  organizations.   Don't give or share
              your password, in particular to someone  claiming  to  be  from
              computer support or a vendor.  Don't let anyone watch you enter
              your password.  Don't enter your password  to  a  computer  you
              don't  trust  or  if things Use the password for a limited time
              and change it periodically.

       Choose a hard-to-guess password.
              passwd will try to prevent you from choosing a really bad pass-
              word,  but  it  isn't  foolproof;  create your password wisely.
              Don't use something you'd find in a dictionary (in any language
              or jargon).  Don't use a name (including that of a spouse, par-
              ent, child, pet, fantasy character, famous  person,  and  loca-
              tion) or any variation of your personal or account name.  Don't
              use accessible information about you (such as your  phone  num-
              ber, license plate, or social security number) or your environ-
              ment.  Don't use a birthday or a simple pattern (such as  back-
              wards,  followed  by  a digit, or preceded by a digit. Instead,
              use a mixture of upper and lower case letters, as well as  dig-
              its  or  punctuation.   When choosing a new password, make sure
              it's unrelated to any previous  password.  Use  long  passwords
              (say  8 characters long).  You might use a word pair with punc-
              tuation inserted, a passphrase (an understandable  sequence  of
              words), or the first letter of each word in a passphrase.

       These principles are partially enforced by the system, but only partly
       so.  Vigilence on your part will make the system much more secure.

       On successful completion of its task, passwd will complete  with  exit
       code  0.   An  exit  code  of  1 indicates an error occurred.  Textual
       errors are written to the standard error stream.

       Linux-PAM (Pluggable Authentication modules for Linux).
       Note, if your distribution of Linux-PAM conforms to the Linux Filesys-
       tem  Standard,  you  may find the modules in /lib/security/ instead of
       /usr/lib/security/, as indicated in the example.

       /etc/pam.d/passwd - the Linux-PAM configuration file

       None known.

       pam(8), and pam_chauthok(2).

       For more complete information on how  to  configure  this  application
       with Linux-PAM, see the Linux-PAM System Administrators' Guide at

       Cristian Gafton 

Red Hat Linux                    Jan 03 1998                        PASSWD(1)