PASSWD(1)                 User utilities                PASSWD(1)

       passwd - update a user's authentication tokens(s)

       passwd [-k] [-l] [-u [-f]] [-d] [-S] [username]

       Passwd is used to update a user's authentication token(s).

       Passwd is configured to work through  the  Linux-PAM  API.
       Essentially,  it  initializes itself as a "passwd" service
       with Linux-PAM and utilizes configured password modules to
       authenticate and then update a user's password.

       A  simple  entry  in  the Linux-PAM configuration file for
       this service would be:

        # passwd service entry that does strength checking of
        # a proposed password before updating it.
        passwd password requisite \
                    /usr/lib/security/ retry=3
        passwd password required \
                    /usr/lib/security/ use_authtok

       Note, other module-types are not required for this  appli-
       cation to function correctly.

       -k     The option, -k, is used to indicate that the update
              should only be for  expired  authentication  tokens
              (passwords);  the  user  wishes  to keep their non-
              expired tokens as before.

       -l     This option is used to lock the  specified  account
              and  it  is  available to root only. The locking is
              performed by rendering the encrypted password  into
              an  invalid  string  (by  prefixing  the  encrypted
              string with an !).

       -u     This is the reverse  of  the  previous  -  it  will
              unlock  the account password by removing the ! pre-
              fix. This option is  available  to  root  only.  By
              default passwd will refuse to create a passwordless
              account (it will not unlock  an  account  that  has
              only  "!"  as a password). The force option -f will
              override this protection.

       -d     This is a quick way to disable a  password  for  an
              account.  It  will  set the named account password-
              less. Available to root only.

       -S     This will output a short information about the sta-
              tus  of the password for a given account. Available
              to root user only.

       On successful completion of its task, passwd will complete
       with  exit  code  0.  An exit code of 1 indicates an error
       occurred.  Textual errors  are  written  to  the  standard
       error stream.

       Linux-PAM (Pluggable Authentication modules for Linux).
       Note,  if  your  distribution of Linux-PAM conforms to the
       Linux Filesystem Standard, you may  find  the  modules  in
       /lib/security/ instead of /usr/lib/security/, as indicated
       in the example.

       /etc/pam.d/passwd - the Linux-PAM configuration file

       None known.

       pam(8), and pam_chauthok(2).

       For more complete information on  how  to  configure  this
       application  with  Linux-PAM,  see  the  Linux-PAM  System
       Administrators' Guide at

       Cristian Gafton <>

PAM + PWDB applications    Jan 03 1998                          1