passwdc

Name

passwdc — PASSWorD synchronization Client
passwdc [target] [user] [-c file] [-x max] 
        [-n min] [-w warn] [-i inact]
passwdc -g [target] [-c file] 

DESCRIPTION

Using this command you can change the password of a given user on a group of hosts. The passwdc asks for the old and new passwords and then connects with each passwdd daemon to request the modification.

If the target user is not specified, then the password of the currently logged user will be changed. If the user is not specified then the the password change request will originate from the logged user.

Password Changes

The password, entered by the users, is tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more from each of following sets:

Lower case alphabetics
Upper case alphabetics
Digits 0 thru 9
Punctuation marks

Care must be taken not to include the system default erase or kill characters. passwdd will reject any password which is not suitably complex.

Password expiry information

The password aging information may be changed by a master user with the -x, -n, -w, and -i options. The -x option is used to set the maximum number of days a password remains valid. After max days, the password is required to be changed. The -n option is used to set the minimum number of days before a password may be changed. The user will not be permitted to change the password until min days have elapsed. The -w option is used to set the number of days of warning the user will receive before their password will expire. The warning occurs warn days before the expiration, telling the user how many days until the password is set to expire. The -i option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for inact days, the user may no longer sign on to the account.

Group passwords

When the -g option is used, the password for the named group is changed. The user must either be a master user for the whole group, or a group administrator for the named group. The current group password is not prompted for. The whole group should be allowed to be modified via the passwdd utility in order to change its password.

Notes about group passwords

Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.

Hints for user passwords

The security of a password depends upon the strength of the encryption algorithm and the size of the key space. The UNIX System encryption method is based on the NBS DES algorithm. The size of the key space depends upon the randomness of the password which is selected. The modern linux systems use the MD5 hash algorithm which is considered as more secure.

Compromises in password security normally result from careless password selection or handling. For this reason, you should select a password which does not appear in a dictionary or which must be written down. The password should also not be a proper name, your license number, birth date, or street address. Any of these may be used as guesses to violate system security.

Your password must easily remembered so that you will not be forced to write it on a piece of paper. This can be accomplished by appending two small words together and separating each with a special character or digit. For example, Pass%word.

Other methods of construction involve selecting an easily remembered phrase from literature and selecting the first or last letter from each. An example of this is “Ask not for whom the bell tolls.” which produces “An4wtbt.” You may be reasonably sure few crackers will have included this in their dictionary. You should, however, select your own methods for constructing passwords and not rely exclusively on the methods given here.

OPTIONS

passwdc recognizes these options:

-c file

Use the file specifed as a parameter of the option to configure the daemon.

-x max

Use this option to set the maximum number of days a password remains valid.

-n min

Use this option to set the minimum number of days before a password may be changed.

-w warn

Use this option to set the number of days before a password expiration, for the user to receive a warning.

-i inact

Use this option to set the number of days after the expiration of a password, for the account to be marked inactive.

-g

Set a group password.

FILES

/usr[/local]/etc/passwdc.conf

Configuration data for the passwdc utility. For more information see the passwdc.conf(5) manpage.

ENVIRONMENT

PASSWDCCONF

If not-null the full pathname for an alternate configuration file. Overridden by the -c option.

BUGS

There should be some. If you found one or more of them send a mail and I will do my best to fix them.

AUTHOR

SEE ALSO

passwdc.conf(5), passwdd(8), passwdd.conf(5), passwd(5), shadow(5).