33
34 passwd -r ldap [-d | -l | -u | -N] [-f] [-n min] [-w warn] [-x max] name
35
36
37 passwd -r nis [-egh] [name]
38
39
40 passwd -r nisplus [-egh] [-D domainname] [name]
41
42
43 passwd -r nisplus -s [-a]
44
45
46 passwd -r nisplus [-D domainname] -s [name]
47
48
49 passwd -r nisplus [-l | -u | -N] [-f] [-n min] [-w warn]
50 [-x max] [-D domainname] name
51
52
53 DESCRIPTION
54 The passwd command changes the password or lists password attributes
55 associated with the user's login name. Additionally, privileged users
56 can use passwd to install or change passwords and attributes associated
57 with any login name.
58
59
60 When used to change a password, passwd prompts everyone for their old
61 password, if any. It then prompts for the new password twice. When the
62 old password is entered, passwd checks to see if it has aged
63 sufficiently. If aging is insufficient, passwd terminates; see
64 pwconv(1M), nistbladm(1), and shadow(4) for additional information.
65
66
67 The pwconv command creates and updates /etc/shadow with information
68 from /etc/passwd. pwconv relies on a special value of x in the password
69 field of /etc/passwd. This value of xindicates that the password for
70 the user is already in /etc/shadow and should not be modified.
71
72
379
380
381 -u
382 Unlocks a locked password for entry name. See the -d option
383 for removing the locked password, or to set a password to
384 allow logins.
385
386
387 -w warn
388 Sets warn field for name. The warn field contains the number
389 of days before the password expires and the user is warned.
390 This option is not valid if password aging is disabled.
391
392
393 -x max
394 Sets maximum field for name. The max field contains the
395 number of days that the password is valid for name. The
396 aging for name is turned off immediately if max is set to1.
397
398
399 OPERANDS
400 The following operand is supported:
401
402 name
403 User login name.
404
405
406 ENVIRONMENT VARIABLES
407 If any of the LC_* variables, that is, LC_CTYPE, LC_MESSAGES, LC_TIME,
408 LC_COLLATE, LC_NUMERIC, and LC_MONETARY (see environ(5)), are not set
409 in the environment, the operational behavior of passwd for each
410 corresponding locale category is determined by the value of the LANG
411 environment variable. If LC_ALL is set, its contents are used to
412 override both the LANG and the other LC_* variables. If none of the
413 above variables is set in the environment, the C (U.S. style) locale
414 determines how passwd behaves.
415
416 LC_CTYPE
417 Determines how passwd handles characters. When LC_CTYPE
418 is set to a valid value, passwd can display and handle
677
678 The human readable output is Uncommitted. The options are Committed.
679
680 SEE ALSO
681 at(1), batch(1), finger(1), kpasswd(1), login(1), nistbladm(1),
682 cron(1M), domainname(1M), eeprom(1M), id(1M), ldapclient(1M),
683 mkpwdict(1M), passmgmt(1M), pwconv(1M), su(1M), useradd(1M),
684 userdel(1M), usermod(1M), crypt(3C), getpwnam(3C), getspnam(3C),
685 getusershell(3C), nis_local_directory(3NSL), pam(3PAM), loginlog(4),
686 nsswitch.conf(4), pam.conf(4), passwd(4), policy.conf(4), shadow(4),
687 shells(4), attributes(5), environ(5), pam_authtok_check(5),
688 pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_ldap(5),
689 pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
690
691 NOTES
692 The pam_unix(5) module is no longer supported. Similar functionality is
693 provided by pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5),
694 pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5),
695 pam_dhkeys(5), and pam_passwd_auth(5).
696
697
698 The nispasswd and ypasswd commands are wrappers around passwd. Use of
699 nispasswd and ypasswd is discouraged. Use passwd -r repository_name
700 instead.
701
702
703 NIS+ might not be supported in future releases of the Solaris operating
704 system. Tools to aid the migration from NIS+ to LDAP are available in
705 the current Solaris release. For more information, visit
706 http://www.sun.com/directory/nisplus/transition.html.
707
708
709 Changing a password in the files and ldap repositories clears the
710 failed login count.
711
712
713 Changing a password reactivates an account deactivated for inactivity
714 for the length of the inactivity period.
715
716
717 If /etc/shells is present, and is corrupted, it may provide an attack
718 vector that would compromise the system. The getusershell(3c) library
719 call has a pre-vetted list of shells, so /etc/shells should be used with
720 caution.
721
722
723 Input terminal processing might interpret some key sequences and not
724 pass them to the passwd command.
725
726
727 An account with no password, status code NP, might not be able to
728 login. See the login(1) PASSREQ option.
729
730
731
732 May 31, 2013 PASSWD(1)
|
33
34 passwd -r ldap [-d | -l | -u | -N] [-f] [-n min] [-w warn] [-x max] name
35
36
37 passwd -r nis [-egh] [name]
38
39
40 passwd -r nisplus [-egh] [-D domainname] [name]
41
42
43 passwd -r nisplus -s [-a]
44
45
46 passwd -r nisplus [-D domainname] -s [name]
47
48
49 passwd -r nisplus [-l | -u | -N] [-f] [-n min] [-w warn]
50 [-x max] [-D domainname] name
51
52
53 passwd -S [name]
54
55
56 DESCRIPTION
57 The passwd command changes the password or lists password attributes
58 associated with the user's login name. Additionally, privileged users
59 can use passwd to install or change passwords and attributes associated
60 with any login name.
61
62
63 When used to change a password, passwd prompts everyone for their old
64 password, if any. It then prompts for the new password twice. When the
65 old password is entered, passwd checks to see if it has aged
66 sufficiently. If aging is insufficient, passwd terminates; see
67 pwconv(1M), nistbladm(1), and shadow(4) for additional information.
68
69
70 The pwconv command creates and updates /etc/shadow with information
71 from /etc/passwd. pwconv relies on a special value of x in the password
72 field of /etc/passwd. This value of xindicates that the password for
73 the user is already in /etc/shadow and should not be modified.
74
75
382
383
384 -u
385 Unlocks a locked password for entry name. See the -d option
386 for removing the locked password, or to set a password to
387 allow logins.
388
389
390 -w warn
391 Sets warn field for name. The warn field contains the number
392 of days before the password expires and the user is warned.
393 This option is not valid if password aging is disabled.
394
395
396 -x max
397 Sets maximum field for name. The max field contains the
398 number of days that the password is valid for name. The
399 aging for name is turned off immediately if max is set to1.
400
401
402 -S
403 Read the password from standard input (pipe).
404
405
406 OPERANDS
407 The following operand is supported:
408
409 name
410 User login name.
411
412
413 ENVIRONMENT VARIABLES
414 If any of the LC_* variables, that is, LC_CTYPE, LC_MESSAGES, LC_TIME,
415 LC_COLLATE, LC_NUMERIC, and LC_MONETARY (see environ(5)), are not set
416 in the environment, the operational behavior of passwd for each
417 corresponding locale category is determined by the value of the LANG
418 environment variable. If LC_ALL is set, its contents are used to
419 override both the LANG and the other LC_* variables. If none of the
420 above variables is set in the environment, the C (U.S. style) locale
421 determines how passwd behaves.
422
423 LC_CTYPE
424 Determines how passwd handles characters. When LC_CTYPE
425 is set to a valid value, passwd can display and handle
684
685 The human readable output is Uncommitted. The options are Committed.
686
687 SEE ALSO
688 at(1), batch(1), finger(1), kpasswd(1), login(1), nistbladm(1),
689 cron(1M), domainname(1M), eeprom(1M), id(1M), ldapclient(1M),
690 mkpwdict(1M), passmgmt(1M), pwconv(1M), su(1M), useradd(1M),
691 userdel(1M), usermod(1M), crypt(3C), getpwnam(3C), getspnam(3C),
692 getusershell(3C), nis_local_directory(3NSL), pam(3PAM), loginlog(4),
693 nsswitch.conf(4), pam.conf(4), passwd(4), policy.conf(4), shadow(4),
694 shells(4), attributes(5), environ(5), pam_authtok_check(5),
695 pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_ldap(5),
696 pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
697
698 NOTES
699 The pam_unix(5) module is no longer supported. Similar functionality is
700 provided by pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5),
701 pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5),
702 pam_dhkeys(5), and pam_passwd_auth(5).
703
704 The nispasswd and ypasswd commands are wrappers around passwd. Use of
705 nispasswd and ypasswd is discouraged. Use passwd -r repository_name
706 instead.
707
708
709 NIS+ might not be supported in future releases of the Solaris operating
710 system. Tools to aid the migration from NIS+ to LDAP are available in
711 the current Solaris release. For more information, visit
712 http://www.sun.com/directory/nisplus/transition.html.
713
714
715 Changing a password in the files and ldap repositories clears the
716 failed login count.
717
718
719 Changing a password reactivates an account deactivated for inactivity
720 for the length of the inactivity period.
721
722
723 If /etc/shells is present, and is corrupted, it may provide an attack
724 vector that would compromise the system. The getusershell(3c) library
725 call has a pre-vetted list of shells, so /etc/shells should be used with
726 caution.
727
728
729 Input terminal processing might interpret some key sequences and not
730 pass them to the passwd command.
731
732
733 An account with no password, status code NP, might not be able to
734 login. See the login(1) PASSREQ option.
735
736
737
738 June 18, 2015 PASSWD(1)
|