Password Changes
A user is first prompted along with the old password. Old password is then encrypted and compared beside the stored password. A user has only one chance to enter the right password. The super user is permitted to bypass this step so that the forgotten passwords might be modified. After the password has been entered in the password-aging information is checked to see if the user is permitted to change the password at that particular time. If not, passwd refuses to modify the password and exits. A user is then prompted for a replacement password. That password is tested for complexity.
As a common guideline, passwords should consist of
6 to 8 characters involving one or more from each of the given sets:
- Lower case alphabets
- Upper case alphabets
- Digits 0 - 9
Care must be taken not to involve the system default kill or erase characters. passwd will reject any password that is not suitably complex. passwd will prompt again for the password and compare the second entry against the first if the password is accepted. Both entries are needed to match in order to modify the password.
Syntax
Passwd [options] username
The options that could be used with this command are -l
This option is used to lock the specified account and it is available to only the root user. The locking is performed through rendering the encrypted password into an invalid string (through prefixing the encrypted string with an!).
-u
This is the reverse of the previous option. It unlocks the account password through erasing the! Prefix. That option is available to only the root user. passwd will refuse to the create a passwordless account (it will not unlock an account which has only "!" as a password) by default. A force option -f will override this protection.
-d
This is a fast way of disabling a password for an account. This will set the named account passwordless. -d option is only available to the root user.
-S
This will output short information about the status of the password for a given account. -s is available to the root user only.
Associated files to be updated whenever the passwd command is used are
/etc/pam.d/passwd
Note: Within the case of SUN and SCO /etc/passwd
Practice
# passwd -L sudha
# passwd -U sudha
# passwd -d ramesh
# passwd -s ragu
The given command passwd will lock and unlock user sudha and disable the user ramesh and print the status for the user ragu.