plan9fox/sys/man/1/passwd

.TH PASSWD 1
.SH NAME
passwd, netkey \- change or verify user password
.SH SYNOPSIS
.B passwd
[
.IR -1
]
[
.IR username [@ domain ]
]
.PP
.B netkey
.SH DESCRIPTION
.I Passwd
changes the invoker's Plan 9 password and/or APOP secret.
The Plan 9 password is used to login to a terminal while
the APOP secret is used for a number of external services:
POP3, IMAP, and VPN access.  The optional argument specifies
the user name and authentication domain to use if different
than the one associated with the machine
.I passwd
is run on.
.PP
The program first prompts for the old Plan 9 password in the specified
domain to establish
identity.
It then prompts for changes to the password and the
secret.
New passwords and secrets must be typed twice, to forestall mistakes.
New passwords must be sufficiently hard to guess.
They may be of any length greater than seven characters.
.PP
By default, passwd requires the auth server to support
.IR dp9ik (6).
The
.I -1
flag forces
.B passwd
to authenticate using
.IR p9sk1 (6).

.PP
.I Netkey
prompts for a password to encrypt network challenges.
It is a substitute for a SecureNet box. It may only be run on a terminal.
.SH SOURCE
.B /sys/src/cmd/auth/passwd.c
.br
.B /sys/src/cmd/auth/netkey.c
.SH "SEE ALSO"
.I readnvram
in
.IR authsrv (2),
.IR encrypt (2),
.IR cons (3),
.IR auth (8),
.IR securenet (8)
.PP
Robert Morris and Ken Thompson,
``UNIX Password Security,''
.I AT&T Bell Laboratories Technical Journal
Vol 63 (1984), pp. 1649-1672
.SH BUGS
Now that
.I cpu
connections are always encrypted, the only good reason
to require that these commands be run only on terminals
is concern that the CPU server might be subverted.
Import sources from 2011-03-30 iso image - sys/man 2011-03-30 13:49:47 +00:00			`.TH PASSWD 1`
			`.SH NAME`
			`passwd, netkey \- change or verify user password`
			`.SH SYNOPSIS`
			`.B passwd`
			`[`
passwd: make legacy mode explicit Passwd used to produce a very confusing error about DES not being enabled whenever the password was mistyped. This happened because we attempted to guess what authentication method to use, and preseneted the error from the wrong one on failure. This puts the legacy mode behind a flag, so that we don't even try the old method unless it's explicitly requested. 2021-01-18 02:01:53 +00:00			`.IR -1`
			`]`
			`[`
Import sources from 2011-03-30 iso image - sys/man 2011-03-30 13:49:47 +00:00			`.IR username [@ domain ]`
			`]`
			`.PP`
			`.B netkey`
			`.SH DESCRIPTION`
			`.I Passwd`
			`changes the invoker's Plan 9 password and/or APOP secret.`
			`The Plan 9 password is used to login to a terminal while`
			`the APOP secret is used for a number of external services:`
			`POP3, IMAP, and VPN access. The optional argument specifies`
			`the user name and authentication domain to use if different`
			`than the one associated with the machine`
			`.I passwd`
			`is run on.`
			`.PP`
			`The program first prompts for the old Plan 9 password in the specified`
			`domain to establish`
			`identity.`
			`It then prompts for changes to the password and the`
			`secret.`
			`New passwords and secrets must be typed twice, to forestall mistakes.`
			`New passwords must be sufficiently hard to guess.`
			`They may be of any length greater than seven characters.`
passwd: make legacy mode explicit Passwd used to produce a very confusing error about DES not being enabled whenever the password was mistyped. This happened because we attempted to guess what authentication method to use, and preseneted the error from the wrong one on failure. This puts the legacy mode behind a flag, so that we don't even try the old method unless it's explicitly requested. 2021-01-18 02:01:53 +00:00			`.PP`
			`By default, passwd requires the auth server to support`
			`.IR dp9ik (6).`
			`The`
			`.I -1`
			`flag forces`
			`.B passwd`
			`to authenticate using`
			`.IR p9sk1 (6).`

Import sources from 2011-03-30 iso image - sys/man 2011-03-30 13:49:47 +00:00			`.PP`
			`.I Netkey`
			`prompts for a password to encrypt network challenges.`
passwd(1): passwd no longer needs to be run on a terminal; netkey is more stubborn. 2015-05-03 21:37:54 +00:00			`It is a substitute for a SecureNet box. It may only be run on a terminal.`
Import sources from 2011-03-30 iso image - sys/man 2011-03-30 13:49:47 +00:00			`.SH SOURCE`
			`.B /sys/src/cmd/auth/passwd.c`
			`.br`
			`.B /sys/src/cmd/auth/netkey.c`
			`.SH "SEE ALSO"`
			`.I readnvram`
			`in`
			`.IR authsrv (2),`
			`.IR encrypt (2),`
			`.IR cons (3),`
			`.IR auth (8),`
			`.IR securenet (8)`
			`.PP`
			`Robert Morris and Ken Thompson,`
			``UNIX Password Security,''
			`.I AT&T Bell Laboratories Technical Journal`
			`Vol 63 (1984), pp. 1649-1672`
			`.SH BUGS`
			`Now that`
			`.I cpu`
			`connections are always encrypted, the only good reason`
			`to require that these commands be run only on terminals`
			`is concern that the CPU server might be subverted.`