passwd[-l |-d ][-f][-n min][ -x max][-w warn] name
passwd -s [-a]
passwd -g [name]
The following options can be used only by a privileged user:
- -l: Locks password entry for name.
- -d: Deletes password for name. The login name will not be prompted for password.
- -n: Sets minimum field for name. The min field contains the minimum number of days between password changes for name. If value of min >value of max, the user may not change the password.Always use this option with the -x option, unless max is set to -1(ageing turned off ). In that case, min need not be set.
- -x: Sets maximum field for name. The max field contains the number of days that the password is valid for name. The ageing of name will be turned off if max is set to -1.
- -w: Sets warn field for name. The warn field contains the number of days the user will be warned before the password expires.
- -a: Shows password attributes for all entries. Use only with -s option ; name must not be provided.
- -f: Forces the user to change password at the next login by expiring the password for name.
The format of the output will be:
name status mm/dd/yy min max warn
Or, if password ageing information is absent,
Super users may change any password; hence; passwd does not prompt privileged users for the old password. Privileged users are not forced to comply with password ageing and password construction requirements. A privileged user can create a null password by entering a carriage return in response to the prompt for a new password.
The passwd command exits with one of the following values:
1 Permission denied
2 Invalid combination of options
3 Unexpected failure. Password file unchanged.
4 Unexpected failure .Password file is missing.
5 Password file(s) busy .Try again later
6 Invalid argument to option.
If root deletes a password for a user with the passwd -d command and password ageing is in effect for that user, the user will not be allowed to add a new password until the NULL password has been aged.This is true even if the PASSREQ flag in /etc/login/default is set to YES. This results in a user without a password. It is recommended that the -f option be used with the -d option so that the user is forced to change the password at the next login.
The next post will list the rules for choosing a password and the details of the files used by the passwd command.