Tuesday, March 2, 2010

What is passwd and how to use it

 The passwd ulility is a must know utility for manageing users passwords.


passwd [-k] [-l] [-u [-f]] [-d] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]


-k The option -k, is used to indicate that the update should only
be for expired authentication tokens (passwords); the user
wishes to keep their non-expired tokens as before.

-l This option is used to lock the specified account and it is
available to root only. The locking is performed by rendering
the encrypted password into an invalid string (by prefixing the
encrypted string with an !).

--stdin
This option is used to indicate that passwd should read the new password from standard input, which can be a pipe.

-u This is the reverse of the -l option - it will unlock the
account password by removing the ! prefix. This option is avail-
able to root only. By default passwd will refuse to create a
passwordless account (it will not unlock an account that has
only "!" as a password). The force option -f will override this
protection.

-d This is a quick way to delete a password for an account. It will set the named account passwordless. Available to root only.

-n This will set the minimum password lifetime, in days, if the
user’s account supports password lifetimes. Available to root
only.

-x This will set the maximum password lifetime, in days, if the
user’s account supports password lifetimes. Available to root
only.

-w This will set the number of days in advance the user will begin
receiving warnings that her password will expire, if the user’s
account supports password lifetimes. Available to root only.

-i This will set the number of days which will pass before an
expired password for this account will be taken to mean that the
account is inactive and should be disabled, if the user’s
account supports password lifetimes. Available to root only.

-S This will output a short information about the status of the
password for a given account. Available to root user only.

Examples

1.Change your current password.Open a shell and type:

passwd

2. How to lock an accont

passwd -l john

3.How to set the minimum and the maximum time before a password must be change + a warning to the user set to warn him about 7 days before expiration time.

passwd -n 4 -x 120 -w 7

4.How to see a users configuration


passwd -S john 
john PS 2010-02-23 4 120 7 -1 (Password set, SHA512 crypt.)

- you can see if the account has a password(PS), creation date,minimum password age(4),maximum password age(120),warning day (7),time before the account is rendered inactive after the password has expired (-1 means instantly)

No comments:

Post a Comment