passwd man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

passwd(4)							     passwd(4)

       passwd - password file

       contains the following information for each user:

	      ·	 login name
	      ·	 encrypted password
	      ·	 numerical user ID
	      ·	 numerical group ID
	      ·	 reserved gecos ID
	      ·	 initial working directory
	      ·	 program to use as shell

       This  is	 an  ASCII file.  Each field within each user's entry is sepa‐
       rated from the next by a colon.	Each user is separated from  the  next
       by  a  newline.	 This  file resides in the directory.  It can and does
       have general read permission and can  be	 used,	for  example,  to  map
       numerical user IDs to names.

       returns a pointer to a user's entry passwd structure declared in

       The login name may only contain alphanumeric and underscore characters.
       The login name must start with an alpha character, unless  the  Numeri‐
       cUsername  product is installed, in which case, the first character can
       also be a decimal digit.

       If the login directory is null, the user will be placed in by  default.
       If the login shell is null, is used.

       It  is suggested that the range 0−99 not be used for user and group IDs
       so that IDs that might be assigned for system software do not conflict.

       The gecos field may contain the following identification:  user's  full
       name,  office location, extension, and home phone.  The gecos field can
       be set by use of the command and	 is  displayed	by  the	 command  (see
       chfn(1)	and  finger(1)).  These two commands assume the information in
       this field is in the order listed above.	 A portion of the user's  real
       name  can be represented in the gecos field by an character, which some
       utilities (including expand by substituting the login name for  it  and
       shifting the first letter of the login name to uppercase.

   Password Field
       On  a  non-shadowed  standard  system,  all password fields contain the
       actual encrypted password.  On a shadowed standard system, all password
       fields  contain	an `x', while the actual encrypted passwords reside in
       On a trusted system, all password fields contain a `*' and  the	actual
       encrypted passwords reside in the Protected Password Database.

       The  following  description  of	the password field applies only to the
       password field of an entry in that contains an actual  encrypted	 pass‐
       word.   See the shadow(4) manpage for details about encrypted passwords
       that reside in and see the section of this manpage  for	details	 about
       encrypted passwords that reside on a trusted system.

       If  the password field is null, there is no password and no password is
       demanded on login.  Otherwise, this  field  consists  of	 an  encrypted
       password with an optional password aging subfield.

       The encrypted password consists of 13 characters chosen from a 64-char‐
       acter set of "digits" described below, Login can be prevented by enter‐
       ing  in	the  password field a character that is not part of the set of
       digits (such as

       The characters used to represent "digits" are for 0, for 1, through for
       2 through 11, through for 12 through 37, and through for 38 through 63.

       Password	 aging is put in effect for a particular user if his encrypted
       password in the password file is followed by a  comma  and  a  non-null
       string  of  characters from the above alphabet.	(Such a string must be
       introduced in the first instance by a superuser.)  This string  defines
       the "age" needed to implement password aging.

       UNIX  keeps internal time stamps in a format with a base date of Thurs‐
       day January 1, 1970.  Because of this, passwd considers	the  beginning
       of a week to be 00:00 GMT Thursday.

       The  first character of the age, M, denotes the maximum number of weeks
       for which a password is valid.  A user who attempts to login after  his
       password	 has  expired is forced to supply a new one.  The next charac‐
       ter, m, denotes the minimum period in weeks that must expire before the
       password	 can be changed.  The remaining two characters define the week
       when the password was last changed (a  null  string  is	equivalent  to
       zero).	M  and	m have numerical values in the range 0 through 63 that
       correspond to the 64-character set of "digits" shown above.

       If m = M = 0 (derived from the string or the user is forced  to	change
       his  password  next  time he logs in (and the "age" disappears from his
       entry in the password file).  If m > M (signified, for example, by  the
       string  then  only  a superuser (not the user) can change the password.
       Not allowing the user to ever change the password is discouraged.

       This section applies only to trusted systems.  Note that HP-UX 11i Ver‐
       sion 3 is the last release to support trusted systems functionality.

       On  a  trusted  system  the  password field always contains by default.
       Password and aging information are instead part of the Protected	 Pass‐
       word Database.

       On  trusted  systems, the encrypted password for each user is stored in
       the file (where c is the first letter in user_name).  Password informa‐
       tion  files  are	 not accessible to the public.	The encrypted password
       can be longer than 13 characters.  For example, the password  file  for
       user  is	 stored	 in  In addition to the password, the user profiles in
       also have many other fields, including:

	      ·	 numerical audit ID
	      ·	 numerical audit flag

       Like this file is an ASCII file.	 Fields within each user's  entry  are
       separated  by  colons.	Refer  to authcap(4) and prpwd(4) for details.
       The passwords contained in take precedence over those contained in  the
       encrypted  password  field  of  User  authentication  is done using the
       encrypted passwords in this file.  For a description  of	 the  password
       aging mechanism, see the section of passwd(1).

       For  more  information about passwords and converting to a trusted sys‐
       tem, see and sam(1M).

       The file can have entries that begin with a plus or minus sign  in  the
       first  column.	Such  lines are used to access the Network Information
       System database.	 A line beginning with a plus is used  to  incorporate
       entries from the Network Information System.  There are three styles of

	      Insert the entire contents
			  of the Network Information System password  file  at
			  that point;

	      Insert the entry (if any) for
			  name	from  the  Network  Information System at that

	      Insert the entries for all members of the network group
			  name at that point.

       If a entry has a non-null password, directory, gecos, or	 shell	field,
       they override what is contained in the Network Information System.  The
       numerical user ID and group ID fields cannot be overridden.

       The file can also have lines beginning  with  a	minus  which  disallow
       entries	from  the Network Information System.  There are two styles of

	      Disallow any subsequent entries (if any) for

	      Disallow any subsequent entries for all members of  the  network

   NIS Warnings
       The plus and minus features are NIS functionality; therefore, if NIS is
       not installed, they do not work.	 Also, these features work only with

       The uid of −2 is reserved for remote root access by means of NFS.   The
       user  name usually given to this uid is Since uids are stored as signed
       values, the following define is included in to match the user

       The login shell for the root user (uid 0) must be to guarantee the sys‐
       tem  can	 always	 boot.	 Other shells such as sh, ksh, and csh are all
       located under the directory which may not  be  mounted  during  earlier
       stages  of  the	bootup	process.  Changing the login shell of the root
       user to a value other than is allowed but may  result  in  a  non-func‐
       tional system.

       The  information	 kept in the gecos field may conflict with unsupported
       or future uses of this field.  Use of the gecos field for keeping  user
       identification  information  has	 not been formalized within any of the
       industry standards.  The current use of this field is derived from  its
       use  within  the	 Berkeley Software Distribution.  Future standards may
       define this field for other purposes.

       The following fields have size limitations as noted:

	      ·	 Login name field can be no longer than 8 characters,  or  255
		 characters  if	 the  support  of long user and group names is
		 enabled on the system;

	      ·	 Initial working directory field can  be  no  longer  than  63
		 characters, or 310 characters if the support of long user and
		 group names is enabled on the system;

	      ·	 Program field can be no longer than 44 characters.

	      ·	 Results are unpredictable if these fields are longer than the
		 limits specified above.

       The following fields have numerical limitations as noted:

	      ·	 The  user ID is an integer value between 0 and inclusive.  As
		 a special case, -2 may be present.

	      ·	 The group ID is an integer value between 0 and inclusive.  As
		 a special case -2 may be present.

	      ·	 If  either  of	 these	values are out of range, the functions
		 reset the ID value to

       HP-UX 11i Version 3 is the last	release	 to  support  trusted  systems

   Shadow Password Example
       If  the	system	has  been converted to a shadowed standard system, the
       password fields of user	and  user  contain  an	'x',  and  the	actual
       encrypted passwords reside in If it was a non-shadowed standard system,
       the password fields of user and user would contain the actual encrypted

   NIS Example
       In  the	NIS  example, there are specific entries for users and in case
       the Network Information System is out of order.

	      ·	 User password entry in	 the  Network  Information  System  is
		 incorporated without change.

	      ·	 Any subsequent entries for user are ignored.

	      ·	 The password field for anyone in the netgroup is disabled.

	      ·	 Users	in  netgroup  are  not	returned  by  and thus are not
		 allowed to log in.

	      ·	 Anyone else can log in with their usual password, shell,  and
		 home directory, but with a gecos field of

       Protected  password  database  used when system is converted to trusted

       Standard password file used by HP-UX.

       Shadow password file.

       chfn(1), chsh(1), finger(1), login(1), passwd(1), pwck(1M), pwconv(1M),
       useradd(1M),  a64l(3C),	crypt(3C),  getpass(3C), getpwent(3C), getprp‐
       went(3), authcap(4), shadow(4), limits(5).


List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net