'\"macro stdmacro
.if n .pH g1.passwd @(#)passwd	40.6 of 10/10/89
.\" Copyright 1989 AT&T
.nr X
.if \nX=0 .ds x} passwd 1 "Essential Utilities" "\&"
.if \nX=1 .ds x} passwd 1 "Essential Utilities"
.if \nX=2 .ds x} passwd 1 "" "\&"
.if \nX=3 .ds x} passwd "" "" "\&"
.TH \*(x}
.SH NAME
\f4passwd\f1 \- change login password and password attributes
.SH SYNOPSIS
\f4passwd\f1
[ \f2name\f1 ]
.PP
\f4passwd\f1
\f1[ \f4\-l \f1| \f4\-d \f1] [ \f4\-f\f1 ]
[ \f4\-n \f2min\f1 ] [ \f4\-x \f2max\f1 ] [ \f4\-w \f2warn\f1 ] \f2name\f1
.PP
\f4passwd\f1
\f4\-s\f1
[ \f4\-a\f1 ]
.PP
\f4passwd\f1
\f4\-s\f1
[ \f2name\f1 ]
.SH DESCRIPTION
The \f4passwd\fP command changes the password or lists password attributes
associated with the user's login
.IR name. 
Additionally, privileged-users may use \f4passwd\fP to install or change
passwords and attributes associated with any login
.IR name.
.P
When used to change a password,
\f4passwd\fP
prompts ordinary users for their old password, if any.
It then prompts for the new password twice.  
When the old password is entered,
\f4passwd\fP
checks to see if it
has "aged" sufficiently.  
If "aging" is insufficient, \f4passwd\fP terminates; see \f4shadow\fP(4).
.P
Assuming aging is sufficient, a check is made to ensure 
that the new password meets construction requirements.  When the
new password is entered a second time, the two copies of the new 
password are compared.
If the two copies are not identical the cycle of prompting for the 
new password is repeated for at most two more times.
.P
Passwords must be constructed to meet the following requirements:
.RS
.sp
Each password must have at least six characters.
Only the first eight characters are significant.
.SM PASSLEN
is found in \f4/etc/default/passwd\fP and is set to 6.
.P
Each password must contain at least two alphabetic
characters and at least one numeric or special character.
In this case, "alphabetic" refers to all upper or lower
case letters.
.P
Each password must differ from the user's login 
.IR name
and any reverse
or circular shift of that login
.IR name .
For comparison purposes, an upper case letter and its corresponding lower 
case letter are equivalent.
.P
New passwords must differ from the old by at least three characters.
For comparison purposes, an upper case letter and its corresponding lower 
case letter are equivalent.
.RE
.P
Super-users (e.g., real and effective uid equal to zero, see
\f4id\fP(1M)
and 
\f4su\fP(1M))
may change any password; hence, 
\f4passwd\fP
does not prompt
privileged-users for the old password.
Privileged-users are not forced to comply with password aging and password  
construction requirements.
A privileged-user can create a null password by entering a carriage return in 
response to the prompt for a new password.
(This differs from \f4passwd \-d\f1 because the "password"
prompt will still be displayed.)
.P
Any user may use the \f4\-s\f1 option to show password attributes for his
or her own login
.IR name.
.P
The format of the display will be:
.P
.RS
\f2name\f1 \f2status mm/dd/yy \f2min\f1 \f2max\f1 \f2warn\f1 
.RE
.P
or, if password aging information is not present,
.P
.RS
\f2name\f1 \f2status\f1 
.RE
.P
where
.P
.TP 12
\f2name\f1
The login ID of the user.
.TP
\f2status\f1
The password status
of \f2name\f1: "PS" stands for passworded or locked, "LK" stands for locked,
and "NP" stands for no password.
.TP
\f2mm/dd/yy\f1
The date password 
was last changed for \f2name\f1.
(Note that all password aging dates are determined using Greenwich Mean Time
and, therefore, may differ by as much as a day in other time zones.)
.TP
\f2min\f1
The minimum number
of days required between password changes for \f2name\f1.  
.SM MINWEEKS
is found in \f4/etc/default/passwd\fP and is set to
.SM NULL.
.TP
\f2max\f1 
The maximum number of days the password is valid for \f2name\f1. 
.SM MAXWEEKS
is found in \f4/etc/default/passwd\fP and is set to
.SM NULL.
.TP
\f2warn\f1
The number of days relative to \f2max\f1 before the password expires that 
the \f2name\f1 will be warned.
.P
Only a privileged-user can use the following options:
.TP 10
\f4\-l\f1
Locks password entry for \f2name\f1.
.TP
\f4\-d\f1
Deletes password 
for \f2name\f1.
The login \f2name\f1 will not be prompted for 
password.
.TP
\f4\-n\f1
Set minimum field for \f2name\f1.
The \f2min\f1
field contains the minimum number of days between password
changes for \f2name\f1.
If \f2min\f1 is greater than \f2max\f1, the user may not
change the password.
Always use this option with the \f4\-x\f1 option,
unless \f2max\f1 is set to \-1 (aging turned off).
In that case, \f2min\f1 need not be set.
.TP
\f4\-x\f1
Set maximum field for \f2name\f1.
The \f2max\f1
field contains the number of days that the password
is valid for \f2name\f1.
The aging
for \f2name\f1
will be turned off immediately if \f2max\f1 is set to -1.
If it is set to 0, then the user is forced to
change the password at the next login session
and aging is turned off.
.TP
\f4\-w\f1
Set warn field for \f2name\f1.
The \f2warn\f1 field contains the number of days
before the password expires that the user will be warned.
.TP
\f4\-a\f1
Show password attributes for all entries.
Use
only with \f4\-s\f1 option;
\f2name\f1 must not be provided.
.TP
\f4\-f\f1
Force the user to change password at the
next login by expiring the password for \f2name\f1.
.SH FILES
/etc/shadow, /etc/passwd, /etc/oshadow
.SH "SEE ALSO"
\f4login\fP(1).
.br
\f4crypt\fP(3C), \f4passwd\fP(4), \f4shadow\fP(4) in the
\f2Programmer's Reference Manual\f1.
.br
\f4useradd\fP(1M), \f4usermod\fP(1M), \f4userdel\fP(1M),
\f4id\fP(1M), \f4passmgmt\fP(1M), \f4pwconv\fP(1M), \f4su\fP(1M), in the
\f2System Administrator's Reference Manual\f1.
.SH DIAGNOSTICS
The
\f4passwd\f1
command exits with one of the following values:
.IP 0 10
SUCCESS.
.IP 1 10
Permission denied.
.IP 2 10
Invalid combination of options. 
.IP 3 10
Unexpected failure.  Password file unchanged.
.IP 4 10
Unexpected failure.  Password file(s) missing.
.IP 5 10
Password file(s) busy.  Try again later.
.IP 6 10
Invalid argument to option.
.\"	@(#)passwd.1	6.2 of 9/2/83
.Ee

