shithub: purgatorio

ref: db1eb844461b07a25ca49117851fa874fd88e065
dir: /man/1/passwd/

View raw version
.TH PASSWD 1
.SH NAME
passwd \- change user password
.SH SYNOPSIS
.B auth/passwd
[
.BI -u " user"
] [
.BI -s " signer"
] [
.I keyfile
]
.SH DESCRIPTION
.I Passwd
changes the secret shared between the invoker
and the authentication server
.I signer
(default:
.BR $SIGNER ).
The
.I signer
must offer the
.IR keysrv (4)
service.
.PP
The secret is associated with a remote user name that need not be
the same as the name of the invoking user on the local system.
That remote user name is specified by a certificate signed by
.IR signer ,
and obtained from
.IR keyfile .
.I Keyfile
identifies a file containing a certificate (default:
.LR default ).
If
.I keyfile
is not an absolute pathname,
the file used will be
.BI /usr/ user /keyring/ keyfile.
.I User
by default is the invoking user's name (read from
.BR /dev/user ),
but the
.B -u
option can name another.
.PP
.I Passwd
connects to the
.IR signer ,
authenticating using the certificate in
.IR keyfile ,
and checks that the user in the certificate
is registered there with an existing secret.
.I Passwd
then prompts for the (remote) user's old secret, to double-check identity, then prompts for a new one, which must be confirmed.
.PP
Secrets must be at least eight characters long.
Try to make them hard to guess.
.SH FILES
.TF /mnt/keysrv
.TP
.B /dev/user
current user name
.TP
.B /mnt/keysrv
local mount point for connection to
remote
.IR keysrv (4)
.SH SOURCE
.B /appl/cmd/auth/passwd.b
.SH SEE ALSO
.IR keyfs (4),
.IR keysrv (4),
.IR changelogin (8),
.IR logind (8)