passwd(1)

1PASSWD(1)                       User utilities                       PASSWD(1)
2
3
4

NAME

6       passwd - update user's authentication tokens
7
8

SYNOPSIS

10       passwd  [-k]  [-l]  [-u  [-f]]  [-d] [-e] [-n mindays] [-x maxdays] [-w
11       warndays] [-i inactivedays] [-S] [--stdin] [username]
12
13
14

DESCRIPTION

16       The passwd utility is used to update user's authentication token(s).
17
18       This task is achieved through calls to the Linux-PAM and  Libuser  API.
19       Essentially, it initializes itself as a "passwd" service with Linux-PAM
20       and utilizes configured  password  modules  to  authenticate  and  then
21       update a user's password.
22
23
24       A simple entry in the global Linux-PAM configuration file for this ser‐
25       vice would be:
26
27        #
28        # passwd service entry that does strength checking of
29        # a proposed password before updating it.
30        #
31        passwd password requisite pam_cracklib.so retry=3
32        passwd password required pam_unix.so use_authtok
33        #
34
35
36       Note, other module types are not required for this application to func‐
37       tion correctly.
38
39

OPTIONS

41       -k, --keep
42              The option -k is used to indicate that the update should only be
43              for expired authentication tokens (passwords); the  user  wishes
44              to keep their non-expired tokens as before.
45
46
47       -l, --lock
48              This  option  is  used to lock the password of specified account
49              and it is available to root only. The locking  is  performed  by
50              rendering the encrypted password into an invalid string (by pre‐
51              fixing the encrypted string with an !). Note that the account is
52              not  fully  locked - the user can still log in by other means of
53              authentication such as the ssh public  key  authentication.  Use
54              chage -E 0 user command instead for full account locking.
55
56
57       --stdin
58              This  option is used to indicate that passwd should read the new
59              password from standard input, which can be a pipe.
60
61
62       -u, --unlock
63              This is the reverse of the  -l  option  -  it  will  unlock  the
64              account password by removing the ! prefix. This option is avail‐
65              able to root only. By default passwd will  refuse  to  create  a
66              passwordless  account  (it  will  not unlock an account that has
67              only "!" as a password). The force option -f will override  this
68              protection.
69
70
71       -d, --delete
72              This is a quick way to delete a password for an account. It will
73              set the named account passwordless. Available to root only.
74
75              Note that if the password was locked,  this  implicitly  removes
76              the password lock as well.
77
78
79       -e, --expire
80              This  is  a  quick  way to expire a password for an account. The
81              user will be forced to change the password during the next login
82              attempt.  Available to root only.
83
84
85       -f, --force