passwd [ -R load_module ] [ -f | -s ] [ User ]
The passwd command sets and changes passwords for users. Use this command to change your own password or another user's password. You can also use the passwd command to change the full name (gecos) associated with your login name and the shell you use as an interface to the operating system.
Depending on how the user is defined, the user's password can exist locally or remotely. Local passwords exist in the /etc/security/passwd database. Remote passwords exist in the Network Information Service (NIS) or Distributed Computing Environment (DCE) database.
To change your own password, enter the passwd command. The passwd command prompts the nonroot user for the old password (if one exists) and then prompts for the new password twice. (The password never appears on the screen.) If the two entries of the new password do not match, the passwd command prompts for the new password again.
Note: The passwd command uses only the first eight characters of your password for local and NIS passwords. Only 7-bit characters are supported in passwords. For this reason, National Language Support (NLS) code points are not allowed in passwords.
To change another user's password, enter the passwd command and the user's login name (the User parameter). Only the root user or a member of the security group is permitted to change the password for another user. The passwd command prompts you for the old password of the user as well as the new password. However, the passwd command does not prompt the root user for either the old user password or the root password or enforce any password restrictions upon the root user.
The /etc/passwd file records your full name and the path name of the shell that you use. To change your recorded name, enter the passwd -f command. To change your login shell, enter the passwd -s command.
Construct locally defined passwords according to the password restrictions in the /etc/security/user configuration file. This file contains the following restrictions:
If the root user adds the NOCHECK attribute to your flags entry in the /etc/security/passwd file, your password does not need to meet these restrictions. Also, the root user can assign new passwords to other users without following the password restrictions.
If the root user adds the ADMIN attribute to your flags entry or if the password field in the /etc/passwd file contains an * (asterisk), only the root user can change your password. The root user also has the exclusive privilege of changing your password if the password field in /etc/passwd contains an ! (exclamation point) and the password field in the /etc/security/passwd file contains an *.
If the root user changes your password, the ADMCHG attribute is automatically added to your flags entry in the /etc/security/passwd file. In this case, you must change the password the next time you log in.
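The flag and password-field rules in the three paragraphs above can be checked across both files at once. The script below is an added example, not part of the AIX documentation; it assumes the stanza layout of /etc/security/passwd (a user: header followed by indented attr = value lines), and the labels ROOT_ONLY, MUST_CHANGE and NO_RESTRICTIONS, the sample accounts and the placeholder hashes are constructed for illustration.

```shell
# Added example: classify accounts by the passwd flag rules (labels are this example's own).
audit_passwd_flags() {   # usage: audit_passwd_flags <passwd-file> <security-passwd-file>
    awk -F: -v secfile="$2" '
    BEGIN {
        # Stanza file: "user:" headers followed by indented "attr = value" lines.
        while ((getline line < secfile) > 0) {
            if (line ~ /^[^ \t*][^ \t=]*:[ \t]*$/) {
                u = line; sub(/:[ \t]*$/, "", u)
            } else if (u != "" && index(line, "=") > 0) {
                key = line; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
                val = line; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
                if (key == "password") secpw[u] = val
                if (key == "flags") flags[u] = "," val ","
            }
        }
        close(secfile)
    }
    {
        f = flags[$1]; out = ""
        # Root-only: ADMIN flag, "*" in the passwd field, or "!" there with "*" in the stanza.
        if (index(f, ",ADMIN,") || $2 == "*" || ($2 == "!" && secpw[$1] == "*"))
            out = out " ROOT_ONLY"
        if (index(f, ",ADMCHG,"))  out = out " MUST_CHANGE"      # must change at next login
        if (index(f, ",NOCHECK,")) out = out " NO_RESTRICTIONS"  # exempt from password restrictions
        if (out != "") print $1 ":" out
    }' "$1"
}
# Constructed sample data (placeholder hashes, hypothetical accounts).
sample_passwd() { cat <<'EOF'
sam:!:201:1:Sam Smith:/home/sam:/usr/bin/ksh
svc:*:203:1::/home/svc:/usr/bin/ksh
lee:!:204:1::/home/lee:/usr/bin/ksh
kim:!:205:1::/home/kim:/usr/bin/ksh
EOF
}
sample_security_passwd() { cat <<'EOF'
sam:
    password = CONSTRUCTEDHASH1
    flags = ADMCHG
lee:
    password = *
kim:
    password = CONSTRUCTEDHASH3
    flags = ADMIN,NOCHECK
EOF
}
# Demo run on the constructed data.
d=$(mktemp -d); sample_passwd > "$d/p"; sample_security_passwd > "$d/s"
audit_passwd_flags "$d/p" "$d/s"; rm -rf "$d"
```

Against a live system the call is audit_passwd_flags /etc/passwd /etc/security/passwd, run with privileges sufficient to read both files. Accounts reported as NO_RESTRICTIONS are the ones to review first, since their passwords are exempt from the /etc/security/user restrictions.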
If the user's registry value in the /etc/security/user file is either DCE or NIS, the password change can only occur in the specified database.
Access Control: This program should be installed as part of the Trusted Computing Base with execute access for all users. In addition, this program should run setuid to the root user in order to get write access to the password files.
Mode | File |
---|---|
r | /etc/security/user |
rx | /usr/lib/security/DCE |
rx | /usr/lib/security/NIS |
rw | /etc/passwd |
rw | /etc/security/passwd |
r | /etc/security/login.cfg |
Event | Information |
---|---|
PASSWORD_Change | user |
passwd
The passwd command prompts you for your old password, if it exists and you are not the root user. After you enter the old password, the command prompts you twice for the new password.
sam's current gecos: "Sam Smith"
Change (yes) or (no)? >
If you enter a Y for yes, the passwd command prompts you for the new name. The passwd command records the name you enter in the /etc/passwd file.
Change (yes) or (no)? >
If you enter a Y for yes, the passwd command prompts you for the shell to use. The next time you log in, the system provides the shell that you specify here.
The chfn command, chsh command, login command, pwdadm command, pwdck command.
The getpass subroutine, newpass subroutine.
Security Administration in AIX 5L Version 5.1 System Management Guide: Operating System and Devices.
Trusted Computing Base Overview in AIX 5L Version 5.1 System Management Guide: Operating System and Devices.
Shells Overview in AIX 5L Version 5.1 System User's Guide: Operating System and Devices to learn more about the available shells.