passwd(1)							    passwd(1)



NAME

  passwd, chfn, chsh - Changes password file information

SYNOPSIS

  passwd [-f | -s] [username]

  chfn [username]

  chsh [username]

  This security-sensitive command uses the SIA (Security Integration Archi-
  tecture) routine as an interface to the security mechanisms. See the
  matrix.conf(4) reference page for more information.

DESCRIPTION

  The passwd command changes (or installs) the password associated with your
  username (by default) or the specified username.

  The chfn command changes GECOS information associated with your username or
  the specified username.  (GECOS is an obsolete term that refers to the
  finger information field of the passwd structure as defined in the pwd.h
  file and the finger information field of the /etc/passwd file as described
  in the passwd(4) reference page.)

  The chsh command changes the login shell of your username or of the speci-
  fied username.

  When using the passwd command to alter a password, the command prompts for
  the current password and then for the new one.  The caller must supply
  both.	 The new password must be typed twice to forestall mistakes.

  Each password must have at least six characters and can include digits,
  symbols, and the letters of your alphabet.  It is strongly suggested that
  you include unusual punctuation, control characters, or digits in your
  password.  Use of only lowercase letters is discouraged.  If you enter more
  than eight characters when creating a password, the passwd command ignores
  any characters after the eighth.

  When altering the GECOS information field, the chfn command displays the
  current information, broken into fields, as interpreted by the finger pro-
  gram, among others, and prompts for new values.  These fields include a
  user's proper name, office room number, office phone number, and home phone
  number.  Included in each prompt is a default value, which is enclosed in [
  ] (brackets).	 The default value is accepted simply by pressing .
  To enter a blank field, the word none can be entered.

  The chfn command allows phone numbers to be entered with or without dashes.
  It is a good idea to run finger after changing the GECOS information to
  make sure everything is set up properly.

  A superuser can change anyone's GECOS information; other users can only
  change their own.

  When altering a login shell, the chsh command displays the current login
  shell and then prompts for the new one.  The new login shell must be one of
  the approved shells listed in the /etc/shells file unless you have
  superuser privileges.	 If the /etc/shells file does not exist, the only
  shells that can be specified are /usr/bin/sh and /usr/bin/csh.

  Note that if you specify an abbreviated shell name, the command chooses the
  first entry in the /etc/shells file that matches the shell abbreviation.
  For example, if you specify ksh, and both the /bin/ksh and /usr/bin/ksh
  shells are included in the /etc/shells file, the shell is changed to the
  shell that is specified first.

  A superuser can change anyone's login shell; normal users can only change
  their own login shell.

				 Security Note
       When you use the passwd command, with enhanced security installed, the
       system prompts for the existing password, and begins a password soli-
       citation dialog that depends on the options for password generation
       the administrator has enabled for your account.	There are four possi-
       ble options:

       Random syllables
		 A pronounceable password made up of meaningless syllables.

       Random characters
		 An unpronounceable password made up of random characters
		 from the character set.

       Random letters
		 An unpronounceable password made up of random letters from
		 the alphabet.

       User supplied
		 A user specified password, which is subject to length and
		 triviality restrictions.

       A maximum length is specified for all user passwords.  The minimum
       password length depends on several parameters set in the authentica-
       tion databases.

       The system requires a minimum time to elapse before you can change
       your password.  This stops you from reusing an old password too soon.

       A password expires after a period of time known as the expiration
       time.  The system warns you when the expiration time is drawing near.

       A password dies after a period of time known as the password lifetime.
       After the lifetime passes, your account is locked until the adminis-
       trator reenables it.  After unlocking, you must change your password
       again before you can use your account.

       When you successfully type your old password, the system prints the
       last successful and unsuccessful password change times.	Make sure
       that these times are accurate; use them to detect attempted password
       changes by an unauthorized user.

       You can change your own password if the administrator has enabled any
       of the password generation options for your account.

       See the Security manual for detailed instructions on changing your
       password.

				 End Security Note

FLAGS

  -f  Invokes the chfn command when given with the passwd command.

  -s  Invokes the chsh command when given with the passwd command.

EXAMPLES

   1.  To change your password, enter:
	    passwd


       You are prompted for your old password (if it exists).  You are then
       prompted twice for the new password.

   2.  To change the office number and building values in your GECOS informa-
       tion, enter:
	    chfn


       Your current GECOS values are displayed.	 Follow the instructions and
       change your office number.  For example, enter:
	    Name [Huan Kim]:
	    Room Number [3A-41]: 4A-43
	    Office Phone [3-1234]:
	    Home Phone [555-1234]:

 FILES

  /etc/passwd
	     Contains user information.

  /etc/shells
	     The list of approved shells.

RELATED INFORMATION

  Commands: finger(1), login(1).

  Files: matrix.conf(4), passwd(4).

  Security