2007-10-07 17:16:16 +05:30
|
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
2008-10-11 17:14:43 +05:30
|
|
|
|
<!--
|
|
|
|
|
Copyright (c) 1989 - 1994, Julianne Frances Haugh
|
2009-04-28 01:59:43 +05:30
|
|
|
|
Copyright (c) 2007 - 2009, Nicolas François
|
2008-10-11 17:14:43 +05:30
|
|
|
|
All rights reserved.
|
|
|
|
|
|
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
|
|
|
modification, are permitted provided that the following conditions
|
|
|
|
|
are met:
|
|
|
|
|
1. Redistributions of source code must retain the above copyright
|
|
|
|
|
notice, this list of conditions and the following disclaimer.
|
|
|
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
|
3. The name of the copyright holders or contributors may not be used to
|
|
|
|
|
endorse or promote products derived from this software without
|
|
|
|
|
specific prior written permission.
|
|
|
|
|
|
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
|
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
|
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
|
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
-->
|
* man/login.defs.d/CONSOLE_GROUPS.xml,
man/login.defs.d/CONSOLE.xml, man/login.defs.d/DEFAULT_HOME.xml,
man/login.defs.d/ENV_HZ.xml, man/login.defs.d/ENVIRON_FILE.xml,
man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml,
man/login.defs.d/ENV_TZ.xml, man/login.defs.d/ERASECHAR.xml,
man/login.defs.d/FAIL_DELAY.xml,
man/login.defs.d/FAILLOG_ENAB.xml,
man/login.defs.d/FAKE_SHELL.xml, man/login.defs.d/FTMP_FILE.xml,
man/login.defs.d/HUSHLOGIN_FILE.xml,
man/login.defs.d/ISSUE_FILE.xml, man/login.defs.d/KILLCHAR.xml,
man/login.defs.d/LASTLOG_ENAB.xml, man/login.defs.d/LOGIN_RETRIES.xml,
man/login.defs.d/LOGIN_TIMEOUT.xml, man/login.defs.d/LOG_OK_LOGINS.xml,
man/login.defs.d/LOG_UNKFAIL_ENAB.xml,
man/login.defs.d/MAIL_CHECK_ENAB.xml, man/login.defs.d/MOTD_FILE.xml,
man/login.defs.d/NOLOGINS_FILE.xml,
man/login.defs.d/OBSCURE_CHECKS_ENAB.xml,
man/login.defs.d/PASS_ALWAYS_WARN.xml,
man/login.defs.d/PASS_CHANGE_TRIES.xml,
man/login.defs.d/PASS_MAX_LEN.xml,
man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
man/login.defs.d/QUOTAS_ENAB.xml, man/login.defs.d/SULOG_FILE.xml,
man/login.defs.d/SU_NAME.xml, man/login.defs.d/SU_WHEEL_ONLY.xml,
man/login.defs.d/SYSLOG_SG_ENAB.xml,
man/login.defs.d/SYSLOG_SU_ENAB.xml,
man/login.defs.d/TTYGROUP.xml, man/login.defs.d/TTYTYPE_FILE.xml,
man/login.defs.d/ULIMIT.xml, man/login.defs.d/USERGROUPS_ENAB.xml:
New documentation of login.defs variables.
* man/login.defs.d/MAIL_DIR.xml: Updated. It now contains the
MAIL_FILE documentation.
* man/login.defs.d/LOGIN_STRING.xml: Updated. Mentions %s.
* man/pwconv.8.xml, man/groupmems.8.xml, man/groupdel.8.xml,
man/useradd.8.xml, man/pwck.8.xml, man/groupadd.8.xml,
man/sulogin.8.xml, man/newgrp.1.xml, man/usermod.8.xml,
man/su.1.xml, man/vipw.8.xml, man/passwd.1.xml,
man/groupmod.8.xml, man/login.1.xml, man/userdel.8.xml,
man/grpck.8.xml: Added CONFIGURATION section.
* man/generate_mans.mak: The generations of manpages depends on
the variables from the Makefiles. Add the dependency on Makefile.
* man/login.defs.5.xml: New login.defs variable documented.
* man/Makefile.am: Added XML variable documentation to the
distributed files.
2007-12-09 04:54:40 +05:30
|
|
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
|
|
|
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
|
|
|
|
|
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
|
|
|
|
|
<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
|
|
|
|
|
<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
|
|
|
|
|
<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
|
|
|
|
|
<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
|
|
|
|
|
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
|
|
|
|
|
]>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refentry id='passwd.1'>
|
2007-11-11 05:16:11 +05:30
|
|
|
|
<!-- $Id$ -->
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refmeta>
|
|
|
|
|
<refentrytitle>passwd</refentrytitle>
|
|
|
|
|
<manvolnum>1</manvolnum>
|
|
|
|
|
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
|
|
|
|
|
</refmeta>
|
|
|
|
|
<refnamediv id='name'>
|
|
|
|
|
<refname>passwd</refname>
|
|
|
|
|
<refpurpose>change user password</refpurpose>
|
|
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
|
|
<refsynopsisdiv id='synopsis'>
|
|
|
|
|
<cmdsynopsis>
|
|
|
|
|
<command>passwd</command>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
<arg choice='opt'>
|
|
|
|
|
<replaceable>options</replaceable>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</arg>
|
2007-10-07 17:17:57 +05:30
|
|
|
|
<arg choice='opt'>
|
|
|
|
|
<replaceable>LOGIN</replaceable>
|
|
|
|
|
</arg>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</cmdsynopsis>
|
|
|
|
|
</refsynopsisdiv>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect1 id='description'>
|
|
|
|
|
<title>DESCRIPTION</title>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<para>
|
2007-10-07 20:06:51 +05:30
|
|
|
|
The <command>passwd</command> command changes passwords for user accounts.
|
|
|
|
|
A normal user may only change the password for his/her own account, while
|
|
|
|
|
the superuser may change the password for any account.
|
2008-09-20 16:23:00 +05:30
|
|
|
|
<command>passwd</command> also changes the account or associated
|
|
|
|
|
password validity period.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect2 id='password_changes'>
|
|
|
|
|
<title>Password Changes</title>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<para>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
The user is first prompted for his/her old password, if one is
|
2007-10-07 17:17:01 +05:30
|
|
|
|
present. This password is then encrypted and compared against the
|
|
|
|
|
stored password. The user has only one chance to enter the correct
|
2007-10-07 20:06:51 +05:30
|
|
|
|
password. The superuser is permitted to bypass this step so that
|
2007-10-07 17:17:01 +05:30
|
|
|
|
forgotten passwords may be changed.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
|
<para>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
After the password has been entered, password aging information is
|
2007-10-07 17:17:01 +05:30
|
|
|
|
checked to see if the user is permitted to change the password at
|
|
|
|
|
this time. If not, <command>passwd</command> refuses to change the
|
|
|
|
|
password and exits.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
|
<para>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
The user is then prompted twice for a replacement password. The
|
|
|
|
|
second entry is compared against the first and both are required to
|
|
|
|
|
match in order for the password to be changed.
|
|
|
|
|
</para>
|
|
|
|
|
|
|
|
|
|
<para>
|
|
|
|
|
Then, the password is tested for complexity. As a general guideline,
|
|
|
|
|
passwords should consist of 6 to 8 characters including one or more
|
|
|
|
|
characters from each of the following sets:
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:25 +05:30
|
|
|
|
<itemizedlist mark='bullet'>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<listitem>
|
|
|
|
|
<para>lower case alphabetics</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>digits 0 thru 9</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>punctuation marks</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</itemizedlist>
|
|
|
|
|
|
|
|
|
|
<para>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
Care must be taken not to include the system default erase or kill
|
2007-10-07 17:17:01 +05:30
|
|
|
|
characters. <command>passwd</command> will reject any password which
|
|
|
|
|
is not suitably complex.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</refsect2>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect2 id='hints_for_user_passwords'>
|
|
|
|
|
<title>Hints for user passwords</title>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<para>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
The security of a password depends upon the strength of the
|
2009-04-28 01:59:43 +05:30
|
|
|
|
encryption algorithm and the size of the key space. The legacy
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<emphasis>UNIX</emphasis> System encryption method is based on the
|
2009-04-28 01:59:43 +05:30
|
|
|
|
NBS DES algorithm. More recent methods are now recommended (see
|
|
|
|
|
<option>ENCRYPT_METHOD</option>). The size of the key space
|
2007-10-07 17:17:01 +05:30
|
|
|
|
depends upon the randomness of the password which is selected.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
|
<para>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
Compromises in password security normally result from careless
|
2007-10-07 17:17:01 +05:30
|
|
|
|
password selection or handling. For this reason, you should not
|
|
|
|
|
select a password which appears in a dictionary or which must be
|
|
|
|
|
written down. The password should also not be a proper name, your
|
|
|
|
|
license number, birth date, or street address. Any of these may be
|
|
|
|
|
used as guesses to violate system security.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
|
<para>
|
2008-05-21 23:55:48 +05:30
|
|
|
|
You can find advices on how to choose a strong password on
|
|
|
|
|
http://en.wikipedia.org/wiki/Password_strength
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
|
|
|
|
</refsect2>
|
|
|
|
|
</refsect1>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
|
<refsect1 id='options'>
|
|
|
|
|
<title>OPTIONS</title>
|
|
|
|
|
<para>
|
|
|
|
|
The options which apply to the <command>passwd</command> command are:
|
|
|
|
|
</para>
|
|
|
|
|
<variablelist remap='IP'>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-a</option>, <option>--all</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
This option can be used only with <option>-S</option> and causes show
|
|
|
|
|
status for all users.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-d</option>, <option>--delete</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Delete a user's password (make it empty). This is a quick way
|
|
|
|
|
to disable a password for an account. It will set the named
|
|
|
|
|
account passwordless.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-e</option>, <option>--expire</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2007-10-07 17:17:22 +05:30
|
|
|
|
Immediately expire an account's password. This in effect can
|
|
|
|
|
force a user to change his/her password at the user's next login.
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>-h</option>, <option>--help</option></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Display help message and exit.</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-i</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
This option is used to disable an account after the password has
|
|
|
|
|
been expired for a number of days. After a user account has had
|
|
|
|
|
an expired password for <replaceable>INACTIVE</replaceable>
|
|
|
|
|
days, the user may no longer sign on to the account.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-k</option>, <option>--keep-tokens</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2007-10-07 20:06:51 +05:30
|
|
|
|
Indicate password change should be performed only for expired
|
2007-10-07 17:17:01 +05:30
|
|
|
|
authentication tokens (passwords). The user wishes to keep their
|
|
|
|
|
non-expired tokens as before.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-l</option>, <option>--lock</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2008-08-22 07:46:21 +05:30
|
|
|
|
Lock the password of the named account. This option disables a
|
|
|
|
|
password by changing it to a value which matches no possible
|
|
|
|
|
encrypted value (it adds a ´!´ at the beginning of the
|
|
|
|
|
password).
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
Note that this does not disable the account. The user may
|
|
|
|
|
still be able to login using another authentication token
|
|
|
|
|
(e.g. an SSH key). To disable the account, administrators
|
|
|
|
|
should use <command>usermod --expiredate 1</command> (this set
|
|
|
|
|
the account's expire date to Jan 2, 1970).
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
Users with a locked password are not allowed to change their
|
|
|
|
|
password.
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
<option>-m</option>, <option>--mindays</option> <replaceable>MIN_DAYS</replaceable>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
Set the minimum number of days between password changes to
|
|
|
|
|
<replaceable>MIN_DAYS</replaceable>. A value of zero for this field
|
|
|
|
|
indicates that the user may change his/her password at any time.
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-q</option>, <option>--quiet</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2007-10-07 17:17:11 +05:30
|
|
|
|
Quiet mode.
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-r</option>, <option>--repository</option> <replaceable>REPOSITORY</replaceable>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
change password in <replaceable>REPOSITORY</replaceable> repository
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-S</option>, <option>--status</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Display account status information. The status information
|
2007-10-07 17:17:22 +05:30
|
|
|
|
consists of 7 fields. The first field is the user's login name.
|
2008-08-22 07:46:21 +05:30
|
|
|
|
The second field indicates if the user account has a locked
|
|
|
|
|
password (L),
|
2007-10-07 17:17:01 +05:30
|
|
|
|
has no password (NP), or has a usable password (P). The third
|
|
|
|
|
field gives the date of the last password change. The next four
|
|
|
|
|
fields are the minimum age, maximum age, warning period, and
|
|
|
|
|
inactivity period for the password. These ages are expressed in
|
|
|
|
|
days.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-u</option>, <option>--unlock</option>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2008-08-22 07:46:21 +05:30
|
|
|
|
Unlock the password of the named account. This option
|
|
|
|
|
re-enables a password by changing the password back to its
|
|
|
|
|
previous value (to the value before using the
|
2009-05-22 19:20:45 +05:30
|
|
|
|
<option>-l</option> option).
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-w</option>, <option>--warndays</option> <replaceable>WARN_DAYS</replaceable>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Set the number of days of warning before a password change is
|
|
|
|
|
required. The <replaceable>WARN_DAYS</replaceable> option is
|
|
|
|
|
the number of days prior to the password expiring that a user
|
2007-10-07 17:17:22 +05:30
|
|
|
|
will be warned that his/her password is about to expire.
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>
|
|
|
|
|
<option>-x</option>, <option>--maxdays</option> <replaceable>MAX_DAYS</replaceable>
|
|
|
|
|
</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Set the maximum number of days a password remains valid. After
|
|
|
|
|
<replaceable>MAX_DAYS</replaceable>, the password is required
|
|
|
|
|
to be changed.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect1>
|
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect1 id='caveats'>
|
|
|
|
|
<title>CAVEATS</title>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<para>
|
2009-04-28 01:59:43 +05:30
|
|
|
|
Password complexity checking may
|
2007-10-07 17:17:01 +05:30
|
|
|
|
vary from site to site. The user is urged to select a password as
|
2009-04-28 01:59:43 +05:30
|
|
|
|
complex as he or she feels comfortable with.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
Users may not be able to
|
2007-10-07 17:17:22 +05:30
|
|
|
|
change their password on a system if NIS is enabled and they are not
|
|
|
|
|
logged into the NIS server.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
2009-04-12 05:02:00 +05:30
|
|
|
|
<para condition="pam">
|
|
|
|
|
<command>passwd</command> uses PAM to authenticate users and to
|
|
|
|
|
change their passwords.
|
|
|
|
|
</para>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</refsect1>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
* man/login.defs.d/CONSOLE_GROUPS.xml,
man/login.defs.d/CONSOLE.xml, man/login.defs.d/DEFAULT_HOME.xml,
man/login.defs.d/ENV_HZ.xml, man/login.defs.d/ENVIRON_FILE.xml,
man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml,
man/login.defs.d/ENV_TZ.xml, man/login.defs.d/ERASECHAR.xml,
man/login.defs.d/FAIL_DELAY.xml,
man/login.defs.d/FAILLOG_ENAB.xml,
man/login.defs.d/FAKE_SHELL.xml, man/login.defs.d/FTMP_FILE.xml,
man/login.defs.d/HUSHLOGIN_FILE.xml,
man/login.defs.d/ISSUE_FILE.xml, man/login.defs.d/KILLCHAR.xml,
man/login.defs.d/LASTLOG_ENAB.xml, man/login.defs.d/LOGIN_RETRIES.xml,
man/login.defs.d/LOGIN_TIMEOUT.xml, man/login.defs.d/LOG_OK_LOGINS.xml,
man/login.defs.d/LOG_UNKFAIL_ENAB.xml,
man/login.defs.d/MAIL_CHECK_ENAB.xml, man/login.defs.d/MOTD_FILE.xml,
man/login.defs.d/NOLOGINS_FILE.xml,
man/login.defs.d/OBSCURE_CHECKS_ENAB.xml,
man/login.defs.d/PASS_ALWAYS_WARN.xml,
man/login.defs.d/PASS_CHANGE_TRIES.xml,
man/login.defs.d/PASS_MAX_LEN.xml,
man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
man/login.defs.d/QUOTAS_ENAB.xml, man/login.defs.d/SULOG_FILE.xml,
man/login.defs.d/SU_NAME.xml, man/login.defs.d/SU_WHEEL_ONLY.xml,
man/login.defs.d/SYSLOG_SG_ENAB.xml,
man/login.defs.d/SYSLOG_SU_ENAB.xml,
man/login.defs.d/TTYGROUP.xml, man/login.defs.d/TTYTYPE_FILE.xml,
man/login.defs.d/ULIMIT.xml, man/login.defs.d/USERGROUPS_ENAB.xml:
New documentation of login.defs variables.
* man/login.defs.d/MAIL_DIR.xml: Updated. It now contains the
MAIL_FILE documentation.
* man/login.defs.d/LOGIN_STRING.xml: Updated. Mentions %s.
* man/pwconv.8.xml, man/groupmems.8.xml, man/groupdel.8.xml,
man/useradd.8.xml, man/pwck.8.xml, man/groupadd.8.xml,
man/sulogin.8.xml, man/newgrp.1.xml, man/usermod.8.xml,
man/su.1.xml, man/vipw.8.xml, man/passwd.1.xml,
man/groupmod.8.xml, man/login.1.xml, man/userdel.8.xml,
man/grpck.8.xml: Added CONFIGURATION section.
* man/generate_mans.mak: The generations of manpages depends on
the variables from the Makefiles. Add the dependency on Makefile.
* man/login.defs.5.xml: New login.defs variable documented.
* man/Makefile.am: Added XML variable documentation to the
distributed files.
2007-12-09 04:54:40 +05:30
|
|
|
|
<refsect1 id='configuration' condition="no_pam">
|
|
|
|
|
<title>CONFIGURATION</title>
|
|
|
|
|
<para>
|
|
|
|
|
The following configuration variables in
|
|
|
|
|
<filename>/etc/login.defs</filename> change the behavior of this
|
|
|
|
|
tool:
|
|
|
|
|
</para>
|
|
|
|
|
<variablelist>
|
|
|
|
|
&ENCRYPT_METHOD;
|
|
|
|
|
&MD5_CRYPT_ENAB;
|
|
|
|
|
&OBSCURE_CHECKS_ENAB;
|
|
|
|
|
&PASS_ALWAYS_WARN;
|
|
|
|
|
&PASS_CHANGE_TRIES;
|
|
|
|
|
&PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
|
|
|
|
|
&SHA_CRYPT_MIN_ROUNDS;
|
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect1>
|
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect1 id='files'>
|
|
|
|
|
<title>FILES</title>
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<term><filename>/etc/passwd</filename></term>
|
|
|
|
|
<listitem>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
<para>User account information.</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</listitem>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<term><filename>/etc/shadow</filename></term>
|
|
|
|
|
<listitem>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
<para>Secure user account information.</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</listitem>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</varlistentry>
|
2009-05-09 18:45:03 +05:30
|
|
|
|
<varlistentry condition="no_pam">
|
|
|
|
|
<term><filename>/etc/login.defs</filename></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Shadow password suite configuration.</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry condition="pam">
|
|
|
|
|
<term><filename>/etc/pam.d/passwd</filename></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>PAM configuration for <command>passwd</command>.</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect1>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect1 id='exit_values'>
|
|
|
|
|
<title>EXIT VALUES</title>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
<para>
|
|
|
|
|
The <command>passwd</command> command exits with the following values:
|
|
|
|
|
<variablelist>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>0</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>success</para>
|
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>1</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>permission denied</para>
|
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>2</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>invalid combination of options</para>
|
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>3</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>unexpected failure, nothing done</para>
|
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>4</replaceable></term>
|
|
|
|
|
<listitem>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
<para>unexpected failure, <filename>passwd</filename> file missing</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>5</replaceable></term>
|
|
|
|
|
<listitem>
|
2007-10-07 17:17:33 +05:30
|
|
|
|
<para><filename>passwd</filename> file busy, try again</para>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><replaceable>6</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>invalid argument to option</para>
|
|
|
|
|
</listitem>
|
2007-10-07 17:16:25 +05:30
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
|
|
|
|
</para>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</refsect1>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<refsect1 id='see_also'>
|
|
|
|
|
<title>SEE ALSO</title>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<para>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
<citerefentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</citerefentry>,
|
|
|
|
|
<citerefentry>
|
2007-10-07 17:17:01 +05:30
|
|
|
|
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
|
2009-05-09 18:45:03 +05:30
|
|
|
|
</citerefentry>,
|
2009-05-26 00:59:19 +05:30
|
|
|
|
<phrase condition="no_pam">
|
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
|
|
|
</citerefentry>,
|
|
|
|
|
</phrase>
|
2008-08-22 07:46:21 +05:30
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
|
|
|
</citerefentry>.
|
2007-10-07 17:16:16 +05:30
|
|
|
|
</para>
|
|
|
|
|
</refsect1>
|
|
|
|
|
</refentry>
|