1.\" Copyright (c) 1990, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)passwd.1 8.1 (Berkeley) 6/6/93 33.\" 34.Dd June 6, 1993 35.Dt PASSWD 1 36.Os BSD 4 37.Sh NAME 38.Nm passwd, yppasswd 39.Nd modify a user's password 40.Sh SYNOPSIS 41.Nm passwd 42.Op Fl l 43.Op Ar user 44.Sh DESCRIPTION 45.Nm Passwd 46changes the user's Kerberos password. First, the user is prompted for their 47current password. 48If the current password is correctly typed, a new password is 49requested. 50The new password must be entered twice to avoid typing errors. 51.Pp 52The new password should be at least six characters long and not 53purely alphabetic. 54Its total length must be less than 55.Dv _PASSWORD_LEN 56(currently 128 characters). 57Numbers, upper case letters and meta characters 58are encouraged. 59.Pp 60Once the password has been verified, 61.Nm passwd 62communicates the new password information to 63the Kerberos authenticating host. 64.Bl -tag -width flag 65.It Fl l 66This option causes the password to be updated only in the local 67password file, and not with the Kerberos database. 68When changing only the local password, 69.Xr pwd_mkdb 8 70is used to update the password databases. 71.El 72.Pp 73To change another user's Kerberos password, one must first 74run 75.Xr kinit 1 76followed by 77.Xr passwd 1 . 78The super-user is not required to provide a user's current password 79if only the local password is modified. 80.Sh NIS INTERACTION 81.Nm Passwd 82has built-in support for NIS. If a user exists in the NIS password 83database but does not exist locally, 84.Nm passwd 85automatically switches into ``yppasswd'' mode. If the specified 86user does not exist in either the local password database of the 87NIS password maps, 88.Nm passwd 89returns an error. 90The following additional options are supported for use with NIS: 91.Bl -tag -width flag 92.It Fl y 93The 94.Fl y 95flag overrides 96.Nm passwd 's 97checking heuristics and forces 98it into NIS mode. 99.It Fl l 100When NIS is enabled, the 101.Fl l 102flag can be used to force 103.Nm passwd 104into ``local only'' mode. This flag can be used to change the entry 105for a local user when an NIS user exists when the same login name. 106For example, you will sometimes find entries for system ``placeholder'' 107users such as 108.Pa bin 109or 110.Pa daemon 111in both the NIS password maps and the local user database. By 112default, 113.Nm passwd 114will try to change the NIS password. The 115.Fl l 116flag can be used to change the local password instead. 117.El 118.Pp 119When changing an NIS password, the user is required to provide 120the old password for authentication (the 121.Xr yppasswdd 8 122daemon requires the original password before 123it will allow any changes to the NIS password maps). 124This restriction applies even to the 125super-user: the only way for an administrator to override a 126user's NIS password is by modifying the NIS password maps on 127the master NIS server. 128.Sh FILES 129.Bl -tag -width /etc/master.passwd -compact 130.It Pa /etc/master.passwd 131The user database 132.It Pa /etc/passwd 133A Version 7 format password file 134.It Pa /etc/passwd.XXXXXX 135Temporary copy of the password file 136.El 137.Sh SEE ALSO 138.Xr chpass 1 , 139.Xr kerberos 1 , 140.Xr kinit 1 , 141.Xr login 1 , 142.Xr passwd 5 , 143.Xr kpasswdd 8 , 144.Xr pwd_mkdb 8 , 145.Xr vipw 8 146.Rs 147.%A Robert Morris 148.%A Ken Thompson 149.%T "UNIX password security" 150.Re 151.Sh NOTES 152The 153.Xr yppasswd 1 154command is really only a link to 155.Nm passwd . 156.Sh HISTORY 157A 158.Nm passwd 159command appeared in 160.At v6 . 161