solaris - passwd (1)

     passwd - change login password and password attributes

     passwd [ name ]

     passwd -r files [ -egh ] [ name ]

     passwd -r files -s [ -a ]

     passwd -r files -s [ name ]

     passwd -r files [ -d | -l ] [ -f ] [ -n min ] [ -w warn ]
          [ -x max ] name

     passwd -r nis [ -egh ] [ name ]

     passwd -r nisplus [ -egh ] [ -D domainname ] [ name ]

     passwd -r nisplus -s [ -a ]

     passwd -r nisplus [ -D domainname ] -s [ name ]

     passwd -r nisplus [ -l ] [ -f ] [ -n min ] [ -w warn ]
          [ -x max ] [ -D domainname ] name


     The passwd command changes the password  or  lists  password
     attributes associated with the user's login name.  Addition-
     ally, privileged users may use passwd to install  or  change
     passwords and attributes associated with any login name.

     When used to change a password, passwd prompts everyone  for
     their  old  password,  if  any.  It then prompts for the new
     password twice.  When the old password  is  entered,  passwd
     checks  to see if it has "aged" sufficiently.  If "aging" is
     insufficient,  passwd  terminates;  see  pwconv(1M),   nist-
     bladm(1),  and  shadow(4)  for  additional information.  The
     pwconv command creates and updates /etc/shadow with informa-
     tion  from /etc/passwd.  pwconv relies on a special value of
     'x' in the password field of /etc/passwd.  This value of 'x'
     indicates  that  the  password  for  the  user is already in
     /etc/shadow and should not be modified.

     If aging is sufficient, a check is made to ensure  that  the
     new  password meets construction requirements.  When the new
     password is entered a second time, the two copies of the new
     password  are compared.  If the two copies are not identical
     the cycle of prompting for the new password is repeated  for
     at most two more times.

     Passwords must be constructed to meet the following require-

          o  Each password must have  at  least  six  characters.
            Only  the  first  eight  characters  are significant.
            PASSLENGTH is found in /etc/default/passwd and is set
            to 6.

          o  Each password must contain at least  two  alphabetic
            characters  and at least one numeric or special char-
            acter.  In this  case,  "alphabetic"  refers  to  all
            upper or lower case letters.

          o  Each password must differ from the user's login name
            and any reverse or circular shift of that login name.
            For comparison purposes, an upper case letter and its
            corresponding lower case letter are equivalent.

          o  New passwords must differ from the old by  at  least
            three  characters.  For comparison purposes, an upper
            case letter and its corresponding lower  case  letter
            are equivalent.

     If all requirements are met, by default, the passwd  command
     will  consult /etc/nsswitch.conf to determine in which repo-
     sitories to perform password update.  It searches the passwd
     and passwd_compat entries.  The sources (repositories) asso-
     ciated with these entries will  be  updated.   However,  the
     password  update configurations supported are limited to the
     following 5 cases.  Failure to comply  with  the  configura-
     tions will prevent users from logging onto the system.

     o passwd: files
     o passwd: files nis
     o passwd: files nisplus
     o passwd: compat (==> files nis)
     o passwd: compat (==> files nisplus)
        passwd_compat: nisplus

     Network administrators, who own the NIS+ password table, may
     change any password attributes.

     In files case, super-users (for instance, real and effective
     uid  equal  to  zero,  see id(1M) and su(1M)) may change any
     password; hence, passwd does not prompt privileged users for
     the old password.  Privileged users are not forced to comply
     with password aging and password construction  requirements.
     A  privileged  user can create a null password by entering a
     carriage return in response to the prompt for  a  new  pass-
     word.   (This  differs from passwd -d because the "password"
     prompt will still be displayed.)

     Any user may use the -s option to show  password  attributes
     for his or her own login name.  Provided they are using the
     -r nisplus argument.  Otherwise the  - s  argument  is  res-
     tricted to the super-user.

     The format of the display will be:

          name status mm/dd/yy min max warn

     or, if password aging information is not present,

          name status


          name    The login ID of the user.

          status  The password status of  name:   PS  stands  for
                  passworded or locked, LK stands for locked, and
                  NP stands for no password.

                  The date password was last  changed  for  name.
                  (Note  that all password aging dates are deter-
                  mined  using  Greenwich  Mean  Time  (Universal
                  Time)  and, therefore, may differ by as much as
                  a day in other time zones.)

          min     The minimum number  of  days  required  between
                  password  changes  for name.  MINWEEKS is found
                  in /etc/default/passwd and is set to NULL.

          max     The maximum number  of  days  the  password  is
                  valid   for   name.    MAXWEEKS   is  found  in
                  /etc/default/passwd and is set to NULL.

          warn    The number of days relative to max  before  the
                  password expires and the name will be warned.

     -r              Specifies the repository to which an  opera-
                    tion  is applied.  The supported repositories
                    are files, nis, or nisplus.

     -e              Change the login shell.

     -g              Change the gecos (finger) information.

     -h              Change the home directory.

     -D domainname   Consult the passwd.org_dir table in  domain-
                    name.   If  this option is not specified, the
                    default      domainname      returned      by
                    nis_local_directory(3N)  will  be used.  This
                    domain name is the same as that  returned  by

     -s name         Show password attributes for the login name.
                    For  the  nisplus  repository, this works for
                    everyone.  However for the files  repository,
                    this  only works for the super-user.  It does
                    not work at all for the nis repository  which
                    does not support password aging.

     -a              Show password attributes  for  all  entries.
                    Use only with the -s option; name must not be
                    provided.  For nisplus repository, this  will
                    show  only  the  entries  in  the NIS+ passwd
                    table in the local domain that the invoker is
                    authorized  to "read".  For the files reposi-
                    tory, this is restricted to the super-user.

  Privileged User Options
     Only a privileged user can use the following options:

     -f              Force the user to  change  password  at  the
                    next login by expiring the password for name.

     -l              Locks password entry for name.

     -n min          Set minimum field for name.  The  min  field
                    contains  the  minimum number of days between
                    password changes for name.  If min is greater
                    than  max,  the user may not change the pass-
                    word.  Always use this option with  the   - x
                    option, unless max is set to -1 (aging turned
                    off).  In that case, min need not be set.

     -w warn         Set warn field for  name.   The  warn  field
                    contains  the number of days before the pass-
                    word expires and the user is warned.

     -x max          Set maximum field for name.  The  max  field
                    contains the number of days that the password
                    is valid for name.  The aging for  name  will
                    be  turned off immediately if max is set to -
                    1.  If it is set  to  0,  then  the  user  is
                    forced  to  change  the  password at the next
                    login session and aging is turned off.

     -d              Deletes password for name.  The  login  name
                    will  not  be  prompted  for password.  It is
                    only applicable to the files repository.

     If any  of  the  LC_*  variables  (  LC_CTYPE,  LC_MESSAGES,
     environ(5)) are not set in the environment, the  operational
     behavior of passwd for each corresponding locale category is
     determined by the value of the  LANG  environment  variable.
     If LC_ALL is set, its contents are used to override both the
     LANG and the other LC_* variables.  If  none  of  the  above
     variables  is  set in the environment, the "C"  (U.S. style)
     locale determines how passwd behaves.

     LC_CTYPE       Determines  how  passwd  handles  characters.
                    When LC_CTYPE is set to a valid value, passwd
                    can display and  handle  text  and  filenames
                    containing  valid characters for that locale.
                    passwd can display and handle  Extended  Unix
                    Code  (EUC)  characters  where any individual
                    character can be  1,  2,  or  3  bytes  wide.
                    passwd  can  also handle EUC characters of 1,
                    2, or more column widths. In the "C"  locale,
                    only characters from ISO 8859-1 are valid.

     LC_MESSAGES    Determines  how  diagnostic  and  informative
                    messages  are  presented.  This  includes the
                    language and style of the messages,  and  the
                    correct  form  of  affirmative  and  negative
                    responses.  In the "C" locale,  the  messages
                    are  presented  in  the default form found in
                    the  program  itself  (in  most  cases,  U.S.

     The passwd command exits with one of the following values:
     0    success.
     1    Permission denied.
     2    Invalid combination of options.
     3    Unexpected failure.  Password file unchanged.
     4    Unexpected failure.  Password file(s) missing.
     5    Password file(s) busy.  Try again later.
     6    Invalid argument to option.

     /etc/passwd         password file.
     /etc/shadow         shadow password file.
     /etc/default/passwd Default values can be set for  the  fol-
                         lowing   flags  in  /etc/default/passwd.
                         For example:  MAXWEEKS=26

                         MAXWEEKS       Maximum time period  that
                                        password is valid.

                         MINWEEKS       Minimum    time    period
                                        before  the  password can
                                        be changed.

                         PASSLENGTH     Minimum length  of  pass-
                                        word, in characters.

                         WARNWEEKS      Time period until warning
                                        of   date  of  password's
                                        ensuing expiration.

     finger(1),     login(1),     nispasswd(1),      yppasswd(1),
     domainname(1M),     eeprom(1M),     id(1M),    passmgmt(1M),
     pwconv(1M), su(1M), useradd(1M),  userdel(1M),  usermod(1M),
     crypt(3C),            getpwnam(3C),            getspnam(3C),
     nis_local_directory(3N), loginlog(4), passwd(4),  shadow(4),

     The passwd command replaces the nispasswd and yppasswd  com-
     mands and should be used in their place.