passwd(1)

NAME

passwd − change login password

SYNOPSIS

passwd [ -p filename ] [ name ]

DESCRIPTION

This command changes or installs a password associated with the login username.

Ordinary users may change only the password which corresponds to their login username.

Passwd prompts ordinary users for their old password, if any.  It then prompts for the new password twice.  The first time the new password is entered passwd checks to see if the old password has “aged” sufficiently.  If “aging” is insufficient the new password is rejected and passwd terminates;  see passwd(4). 

Assuming “aging” is sufficient, a check is made to ensure that the new password meets construction requirements.  When the new password is entered a second time the two copies of the new password are compared.  If the two copies are not identical, the cycle of prompting for the new password is repeated at most two more times. 

Passwords must be constructed to meet the following requirements:

Each password must have at least six characters. Only the first eight characters are significant.

Each password must contain at least two alphabetic characters and at least one numeric or special character.  In this case, “alphabetic” means upper and lower case letters. 

Each password must differ from the user’s login name and any reverse or circular shift of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.

New passwords must differ from the old by at least three characters.  For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent. 
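The four construction requirements above, as an added example (not the CX/UX implementation): the "first eight characters are significant" clause is applied before the content checks, and "differ by at least three characters" is read as a position-by-position, case-insensitive comparison, both of which are assumptions about how the page's wording was implemented.

```python
def circular_shifts(s):
    """All rotations of a string, e.g. 'bear' -> {'bear', 'earb', 'arbe', 'rbea'}."""
    return {s[i:] + s[:i] for i in range(len(s))}

def check_password(new, old, login):
    """Return the list of violated requirements; an empty list means acceptable.

    `old` may be the empty string when the account has no password yet.
    """
    problems = []
    if len(new) < 6:
        problems.append("fewer than six characters")
    pw = new[:8]                      # only the first eight characters are significant
    alphabetic = sum(c.isalpha() for c in pw)
    other = sum(not c.isalpha() for c in pw)
    if alphabetic < 2 or other < 1:
        problems.append("needs two alphabetic and one numeric or special character")
    # The login name, its reverse, and every circular shift of either are forbidden;
    # upper and lower case are equivalent for this comparison.
    lname = login.lower()
    forbidden = circular_shifts(lname) | circular_shifts(lname[::-1])
    if pw.lower() in forbidden:
        problems.append("matches login name or a shift of it")
    if old:
        # Assumption: count positions that differ (case-insensitive) plus any
        # difference in length, and require at least three.
        o, n = old[:8].lower(), pw.lower()
        differing = sum(a != b for a, b in zip(o, n)) + abs(len(o) - len(n))
        if differing < 3:
            problems.append("differs from old password by fewer than three characters")
    return problems
```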

One whose effective user ID is zero is called a super-user; see id(1), and su(1).  Super-users may change any password; hence, passwd does not prompt super-users for the old password.  Super-users are not forced to comply with password aging and password construction requirements.  A super-user can create a null password by entering a carriage return in response to the prompt for a new password. 

If the -p option is specified, the filename specified will be used rather than /etc/passwd.

SECURITY FEATURES

The following security features are in effect on systems running CX/SX. 

The encrypted passwords are kept in the /mls/passwd file which is unreadable except by components of the Trusted Computing Base.  The "shadow" password file, /etc/passwd, is readable by all users, but contains a '*' in each of the encrypted password fields.  See getpwent(3C) and passwd(4SX) for details.  This prevents users "guessing" passwords except via audited commands. 

Automatic generation of passwords has also been implemented.  When passwd is invoked, a proposed password is suggested.  The user can either type the proposed password, accepting it and confirming the password’s spelling, or reject it by hitting the <return> key.  If the proposed password is rejected, another is proposed.  Up to 5 passwords can be proposed during any one invocation of passwd. 

The proposed password is made up of 2 syllables and 2 digits.  Syllables are either 2 or 3 characters long.  The syllables and digits can appear in any order.  The intent is to provide a sufficiently large password-space to discourage "guessing" while providing quasi-pronounceable passwords as an aid to memory.  Sometimes the proposed passwords suggest an address or baseball score.  Some examples:

2jas0fi   goyna07   3daya3    30molnatu46ni
po60fi    cottu47   5xa2cu    je4jox04ya7pu
6nat9ti   90tenye   2conro8   sivha518meqri9
2gewul8   1xelu9    1so3tu    6ze9jibzuwmo40
9wurij7   lug48ro   6hoqo4    77wilzowuvqig44

Ordinary users cannot override the proposed passwords.  They can only accept or reject a given password.  This guarantees that an exhaustive search would have to cover a sizable fraction of all possible 8 character passwords. 

The super-user can override the automatic password generation and force a given password for a user.  This feature should be used very sparingly.  It is intended to allow passwords to be synchronized between machines not sharing a common password file. 

SECURITY OPTIONS

The random passwords as generated by default can be difficult for some individuals to remember, even after allowing the individual to reject many combinations.  The shell variable "PASSWDOPTS" can be used to alter the space of generated passwords to better suit an individual’s or site’s tastes. 

The user or administrator can set the environment variable PASSWDOPTS to a value in the range 0 through 6.  If PASSWDOPTS is not defined, the effect is to generate passwords in the largest space as described above (equivalent to a value of 6.)  If PASSWDOPTS is out of the defined range or otherwise illegal (i.e. defined as NULL), a value of 0 is used (3 syllable form.)  The following table summarizes the effect of this shell variable.  In the table, S stands for a random 2 or 3 character syllable and N stands for a random digit. 

      PASSWDOPTS        Pattern of Proposed Password
          0             SSS
          1             SSNN
          2             NNSS or SSNN
          3             SSNN or NNSS or NSSN
          4             <3 above> or SNNS
          5             <4 above> or SNSN
          6             <5 above> or NSNS (default)

In all cases, the command generates random passwords at least 6 characters long and optionally as long as 9 characters.  Since the pattern used is at the option of the user (and none are trivial) the penetrator cannot be sure the simplest form is used.  A value of 1 yields the simplest form and the smallest search space, but even then over 500 million combinations are possible.  Since the passwords are now kept in an unreadable file, the only way a penetrator can guess is via su(1) or login(1), which severely limits the rate of guessing and makes it likely that guessing would be quickly detected. 
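An added example (not the CX/UX passwd code) that models the PASSWDOPTS table and the search-space claim above: it parses the variable with the documented fallbacks, proposes candidates from the allowed patterns, and counts the distinct passwords each level can produce. The syllable alphabet is an assumption: consonant+vowel or consonant+vowel+consonant over 21 consonants and 5 vowels, which fits every sample password on the page and reproduces the "over 500 million" figure for a value of 1.

```python
import re
import secrets

# Assumption (not stated on the page): a syllable is consonant+vowel or
# consonant+vowel+consonant over 21 consonants (y included) and 5 vowels.
# That gives 105 + 2205 = 2310 syllables and reproduces the page's
# "over 500 million" figure for PASSWDOPTS=1 (2310 * 2310 * 100).
CONSONANTS = "bcdfghjklmnpqrstvwxyz"
VOWELS = "aeiou"
SYLLABLES = [c + v for c in CONSONANTS for v in VOWELS] + \
            [c + v + d for c in CONSONANTS for v in VOWELS for d in CONSONANTS]

# Pattern table from SECURITY OPTIONS: level 0 is SSS alone; each level
# from 1 upward adds one more two-syllable, two-digit pattern.
LEVEL_PATTERNS = ["SSS", "SSNN", "NNSS", "NSSN", "SNNS", "SNSN", "NSNS"]

def parse_passwdopts(value):
    """Undefined -> 6 (largest space); empty, non-numeric or out of range -> 0."""
    if value is None:
        return 6
    try:
        n = int(value)
    except ValueError:
        return 0
    return n if 0 <= n <= 6 else 0

def patterns_for(level):
    """Patterns the generator may use at a given PASSWDOPTS level."""
    return LEVEL_PATTERNS[:1] if level == 0 else LEVEL_PATTERNS[1:level + 1]

def search_space(level):
    """Distinct passwords the generator can propose at this level."""
    return sum(len(SYLLABLES) ** p.count("S") * 10 ** p.count("N")
               for p in patterns_for(level))

def propose(level, rng=secrets):
    """Build one candidate: pick a pattern, fill S with a syllable and N with a digit."""
    pattern = rng.choice(patterns_for(level))
    return "".join(rng.choice(SYLLABLES) if ch == "S" else rng.choice("0123456789")
                   for ch in pattern)

def matches_level(password, level):
    """True if the password fits one of the patterns allowed at this level."""
    syllable = f"[{CONSONANTS}][{VOWELS}][{CONSONANTS}]?"
    for pattern in patterns_for(level):
        regex = "".join(syllable if ch == "S" else r"\d" for ch in pattern)
        if re.fullmatch(regex, password):
            return True
    return False
```

Because digit positions and consonant clusters fix the pattern and the syllable split, the products summed in `search_space` count distinct strings, so level 1 gives 533,610,000 and level 6 six times that.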

FILES

/etc/passwd, /mls/passwd

SEE ALSO

passwd(1), login(1), id(1), su(1), getpwent(3C), passwd(4), passwd(4SX). 

NOTES

passwd will change a local password, but not a password in the network Yellow Pages.  Refer to yppasswd(1) for information on how to change a Yellow Pages password. 

If this machine is the Yellow Pages master server for the passwd file and the Yellow Pages ascii file for the passwd file is /etc/passwd, passwd will automatically invoke yppasswd ensuring the network version is consistently maintained. 

If this machine is running CX/SX, Yellow Pages are not available. 

CX/UX User’s Reference Manual
