PASSWD(1)                  OpenBSD Reference Manual                  PASSWD(1)

NAME
     passwd - modify a user's password



SYNOPSIS
     passwd [-l] [-y] [-k] [-n name] [-i instance] [-r realm] [-u
            username[.instance][@realm]] [user]

DESCRIPTION
     passwd changes the user's local, Kerberos, or YP password.  First, the
     user is prompted for their current password.  If the current password is
     correctly typed, a new password is requested.  The new password must be
     entered twice to avoid typing errors.

     The new password should be at least six characters long and not purely
     alphabetic.  Its total length must be less than _PASSWORD_LEN (currently
     128 characters).  Numbers, upper case letters and meta-characters are en-
     couraged.

     -l    Causes the password to be updated only in the local password file.
           When changing only the local password, pwd_mkdb(8) is used to up-
           date the password databases.

     -y    Forces the YP password database entry to be changed, even if the
           user has an entry in the local database.  The rpc.yppasswdd(8) dae-
           mon should be running on the YP master server.

     -k    Forces the change to affect the Kerberos database, even if the user
           has a password in the local database.  Once the password has been
           verified, passwd communicates the new password information to the
           Kerberos authenticating host.

     The following flags are only used when the -k flag is specified:

     -n name
           Specifies a name that will be used as the principal name rather
           than  the  username of the user running passwd. (This is determined
           from the ticket file  if  it exists;  otherwise, it is determined
           from the Unix user ID.)

     -i instance
           Specifies an instance to use rather than a null instance.

     -r realm
           Specifies a realm instead of the local realm.

     -u username[.instance][@realm]
           Specifies a fully qualified kerberos principal.

     This is the behavior if no flags are specified: if Kerberos is active
     then passwd will talk to the Kerberos server (even if the user has an en-
     try in the local database).  If the password is not in the local password
     database, then an attempt is made to use the YP database.

     To change another user's Kerberos password, one must first run kinit(1)
     followed by passwd(1).  The super-user is not required to provide a us-
     er's current password if only the local password is modified.

     Which type of cipher is used to encrypt the password information depends
     on the configuration in passwd.conf(5).  It can be different for local
     and YP passwords.

FILES


     /etc/master.passwd  user database
     /etc/passwd         a Version 7 format password file
     /etc/passwd.XXXXXX  temporary copy of the password file
     /etc/passwd.conf    configuration options

SEE ALSO
     chpass(1),  kerberos(1),  kinit(1),  login(1),  passwd(5),
     passwd.conf(5),  kpasswdd(8),  pwd_mkdb(8),  vipw(8)

     Robert Morris, and Ken Thompson, UNIX password security.

HISTORY
     A passwd command appeared in Version 6 AT&T UNIX.

OpenBSD 2.6                      July 24, 1991                               2