passwdc [target] [user] [-c file] [-x max] [-n min] [-w warn] [-i inact]
passwdc -g [target] [-c file]
Using this command you can change the password of a given user on a group of hosts. The passwdc asks for the old and new passwords and then connects with each passwdd daemon to request the modification.
If the target user is not specified, then the password of the currently logged user will be changed. If the user is not specified then the the password change request will originate from the logged user.
The password, entered by the users, is tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more from each of following sets:
|Lower case alphabetics|
|Upper case alphabetics|
|Digits 0 thru 9|
Care must be taken not to include the system default erase or kill characters. passwdd will reject any password which is not suitably complex.
The password aging information may be changed by a master user with the -x, -n, -w, and -i options. The -x option is used to set the maximum number of days a password remains valid. After max days, the password is required to be changed. The -n option is used to set the minimum number of days before a password may be changed. The user will not be permitted to change the password until min days have elapsed. The -w option is used to set the number of days of warning the user will receive before their password will expire. The warning occurs warn days before the expiration, telling the user how many days until the password is set to expire. The -i option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for inact days, the user may no longer sign on to the account.
When the -g option is used, the password for the named group is changed. The user must either be a master user for the whole group, or a group administrator for the named group. The current group password is not prompted for. The whole group should be allowed to be modified via the passwdd utility in order to change its password.
Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.
The security of a password depends upon the strength of the encryption algorithm and the size of the key space. The UNIX System encryption method is based on the NBS DES algorithm. The size of the key space depends upon the randomness of the password which is selected. The modern linux systems use the MD5 hash algorithm which is considered as more secure.
Compromises in password security normally result from careless password selection or handling. For this reason, you should select a password which does not appear in a dictionary or which must be written down. The password should also not be a proper name, your license number, birth date, or street address. Any of these may be used as guesses to violate system security.
Your password must easily remembered so that you will not be forced to write it on a piece of paper. This can be accomplished by appending two small words together and separating each with a special character or digit. For example, Pass%word.
Other methods of construction involve selecting an easily remembered phrase from literature and selecting the first or last letter from each. An example of this is “Ask not for whom the bell tolls.” which produces “An4wtbt.” You may be reasonably sure few crackers will have included this in their dictionary. You should, however, select your own methods for constructing passwords and not rely exclusively on the methods given here.
passwdc recognizes these options:
Use the file specifed as a parameter of the option to configure the daemon.
Use this option to set the maximum number of days a password remains valid.
Use this option to set the minimum number of days before a password may be changed.
Use this option to set the number of days before a password expiration, for the user to receive a warning.
Use this option to set the number of days after the expiration of a password, for the account to be marked inactive.
Set a group password.
Configuration data for the passwdc utility. For more information see the passwdc.conf(5) manpage.
If not-null the full pathname for an alternate configuration file. Overridden by the -c option.
There should be some. If you found one or more of them send a mail and I will do my best to fix them.