blob: 759397e0aac22d52547b734b6d38198a20d484ca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
.TH PASSWD 1
.SH NAME
passwd \- change user password
.SH SYNOPSIS
.B auth/passwd
[
.BI -u " user"
] [
.BI -s " signer"
] [
.I keyfile
]
.SH DESCRIPTION
.I Passwd
changes the secret shared between the invoker
and the authentication server
.I signer
(default:
.BR $SIGNER ).
The
.I signer
must offer the
.IR keysrv (4)
service.
.PP
The secret is associated with a remote user name that need not be
the same as the name of the invoking user on the local system.
That remote user name is specified by a certificate signed by
.IR signer ,
and obtained from
.IR keyfile .
.I Keyfile
identifies a file containing a certificate (default:
.LR default ).
If
.I keyfile
is not an absolute pathname,
the file used will be
.BI /usr/ user /keyring/ keyfile.
.I User
by default is the invoking user's name (read from
.BR /dev/user ),
but the
.B -u
option can name another.
.PP
.I Passwd
connects to the
.IR signer ,
authenticating using the certificate in
.IR keyfile ,
and checks that the user in the certificate
is registered there with an existing secret.
.I Passwd
then prompts for the (remote) user's old secret, to double-check identity, then prompts for a new one, which must be confirmed.
.PP
Secrets must be at least eight characters long.
Try to make them hard to guess.
.SH FILES
.TF /mnt/keysrv
.TP
.B /dev/user
current user name
.TP
.B /mnt/keysrv
local mount point for connection to
remote
.IR keysrv (4)
.SH SOURCE
.B /appl/cmd/auth/passwd.b
.SH SEE ALSO
.IR keyfs (4),
.IR keysrv (4),
.IR changelogin (8),
.IR logind (8)
|
