|
|
HP-UX Reference > Nnispasswd(1)HP-UX 11i Version 2: December 2007 Update |
|
NAMEnispasswd — change NIS+ password information SYNOPSISnispasswd [ -ghs ] [ -D domainname ] [ username ] nispasswd -a nispasswd -D domainname ] [ -d [ username ] ] nispasswd [ -l ] [ -f ] [ -n min ] [ -x max ] [ -w warn ] [ -D domainname ] username DESCRIPTIONnispasswd changes a password, gecos (finger) field (-g option), home directory (-h option), or login shell (-s option) associated with the username (invoker by default) in the NIS+ passwd table. Additionally, the command can be used to view or modify aging information associated with the user specified if the invoker has the right NIS+ privileges. nispasswd uses secure RPC to communicate with the NIS+ server, and therefore, never sends unencrypted passwords over the communication medium. nispasswd does not read or modify the local password information stored in the /etc/passwd file. When used to change a password, nispasswd prompts non-privileged users for their old password. It then prompts for the new password twice to forestall typing mistakes. When the old password is entered, nispasswd checks to see if it has aged sufficiently. If aging is insufficient, nispasswd terminates; see getpwent(3C). The old password is used to decrypt the username's secret key. If the password does not decrypt the secret key, nispasswd prompts for the old secure-RPC password. It uses this password to decrypt the secret key. If this fails, it gives the user one more chance. The old password is also used to ensure that the new password differs from the old by at least three characters. Assuming aging is sufficient, a check is made to ensure that the new password meets construction requirements described below. When the new password is entered a second time, the two copies of the new password are compared. If the two copies are not identical, the cycle of prompting for the new password is repeated twice. The new password is used to re-encrypt the user's secret key. Hence, it also becomes their secure-RPC password. Passwords must be constructed to meet the following requirements:
Network administrators, who own the NIS+ password table, may change any password attributes if they establish their credentials (see keylogin(1)) before invoking nispasswd. Hence, nispasswd does not prompt these privileged-users for the old password and they are not forced to comply with password aging and password construction requirements. Any user may use the -d option to display password attributes for his or her own login name. The format of the display will be: username status mm/dd/yy min max warn or, if password aging information is not present, username status where
Options
NotesThe login program, file access display programs (for example, 'ls -l') and network programs that require user passwords (for example, rlogin(1), ftp(1), etc.) use the standard getpwent(3C) interface to get password information. These programs will get the NIS+ password information, which is modified by nispasswd, only if the passwd: entry in the /etc/nsswitch.conf file includes nisplus. See nsswitch.conf(4) for more details. RETURN VALUEThe nispasswd command exits with one of the following values:
WARNINGSHP-UX 11i Version 2 is the last HP-UX release on which NIS+ is supported. LDAP is the recommended replacement for NIS+. HP fully supports the industry standard naming services based on LDAP. SEE ALSOkeylogin(1), login(1), nis+(1), nistbladm(1), passwd(1), domainname(1), getpwent(3C), nsswitch.conf(4), passwd(4). |
|