| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- .TH PASSWD 1
- .SH NAME
- passwd, netkey \- change or verify user password
- .SH SYNOPSIS
- .B passwd
- [
- .IR username [@ domain ]
- ]
- .PP
- .B netkey
- .SH DESCRIPTION
- .I Passwd
- changes the invoker's Plan 9 password and/or APOP secret.
- The Plan 9 password is used to login to a terminal while
- the APOP secret is used for a number of external services:
- POP3, IMAP, and VPN access. The optional argument specifies
- the user name and authentication domain to use if different
- than the one associated with the machine
- .I passwd
- is run on.
- .PP
- The program first prompts for the old Plan 9 password in the specified
- domain to establish
- identity.
- It then prompts for changes to the password and the
- secret.
- New passwords and secrets must be typed twice, to forestall mistakes.
- New passwords must be sufficiently hard to guess.
- They may be of any length greater than seven characters.
- .PP
- .I Netkey
- prompts for a password to encrypt network challenges.
- It is a substitute for a SecureNet box.
- .PP
- These commands may be run only on a terminal, to avoid
- transmitting clear text passwords over the network.
- .SH SOURCE
- .B /sys/src/cmd/auth/passwd.c
- .br
- .B /sys/src/cmd/auth/netkey.c
- .SH "SEE ALSO"
- .I readnvram
- in
- .IR authsrv (2),
- .IR encrypt (2),
- .IR cons (3),
- .IR auth (8),
- .IR securenet (8)
- .PP
- Robert Morris and Ken Thompson,
- ``UNIX Password Security,''
- .I AT&T Bell Laboratories Technical Journal
- Vol 63 (1984), pp. 1649-1672
- .SH BUGS
- Now that
- .I cpu
- connections are always encrypted, the only good reason
- to require that these commands be run only on terminals
- is concern that the CPU server might be subverted.
|
