[manual index][section index]

NAME

passwd - change user password

SYNOPSIS

auth/passwd [ -u user ] [ -s signer ] [ keyfile ]

DESCRIPTION

Passwd changes the secret shared between the invoker and the authentication server signer (default: $SIGNER). The signer must offer the keysrv(4) service.

The secret is associated with a remote user name that need not be the same as the name of the invoking user on the local system. That remote user name is specified by a certificate signed by signer, and obtained from keyfile. Keyfile identifies a file containing a certificate (default: default). If keyfile is not an absolute pathname, the file used will be /usr/user/keyring/keyfile. User by default is the invoking user's name (read from /dev/user), but the -u option can name another.

Passwd connects to the signer, authenticating using the certificate in keyfile, and checks that the user in the certificate is registered there with an existing secret. Passwd then prompts for the (remote) user's old secret, to double-check identity, then prompts for a new one, which must be confirmed.

Secrets must be at least eight characters long. Try to make them hard to guess.

FILES

/dev/user
current user name
/mnt/keysrv
local mount point for connection to remote keysrv(4)

SOURCE

/appl/cmd/auth/passwd.b

SEE ALSO

keyfs(4), keysrv(4), changelogin(8), logind(8)

PASSWD(1 ) Rev:  Tue Mar 31 02:42:38 GMT 2015