summaryrefslogtreecommitdiffstats
path: root/man/chpasswd.8.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--man/chpasswd.8.xml303
1 files changed, 303 insertions, 0 deletions
diff --git a/man/chpasswd.8.xml b/man/chpasswd.8.xml
new file mode 100644
index 0000000..19ef36e
--- /dev/null
+++ b/man/chpasswd.8.xml
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 1991 , Julianne Frances Haugh
+ Copyright (c) 2007 - 2011, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!-- SHADOW-CONFIG-HERE -->
+]>
+
+<refentry id='chpasswd.8'>
+ <!-- $Id$ -->
+ <refentryinfo>
+ <author>
+ <firstname>Julianne Frances</firstname>
+ <surname>Haugh</surname>
+ <contrib>Creation, 1991</contrib>
+ </author>
+ <author>
+ <firstname>Thomas</firstname>
+ <surname>Kłoczko</surname>
+ <email>kloczek@pld.org.pl</email>
+ <contrib>shadow-utils maintainer, 2000 - 2007</contrib>
+ </author>
+ <author>
+ <firstname>Nicolas</firstname>
+ <surname>François</surname>
+ <email>nicolas.francois@centraliens.net</email>
+ <contrib>shadow-utils maintainer, 2007 - now</contrib>
+ </author>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>chpasswd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>chpasswd</refname>
+ <refpurpose>update passwords in batch mode</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>chpasswd</command>
+ <arg choice='opt'>
+ <replaceable>options</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <command>chpasswd</command> command reads a list of user name and
+ password pairs from standard input and uses this information to update
+ a group of existing users. Each line is of the format:
+ </para>
+ <para>
+ <emphasis remap='I'>user_name</emphasis>:<emphasis
+ remap='I'>password</emphasis>
+ </para>
+ <para>
+ By default the passwords must be supplied in clear-text, and are
+ encrypted by <command>chpasswd</command>.
+ Also the password age will be updated, if present.
+ </para>
+ <para condition="no_pam">
+ The default encryption algorithm can be defined for the system with
+ the <option>ENCRYPT_METHOD</option> or
+ <option>MD5_CRYPT_ENAB</option> variables of
+ <filename>/etc/login.defs</filename>, and can be overwritten with the
+ <option>-e</option>, <option>-m</option>, or <option>-c</option>
+ options.
+ </para>
+ <para condition="pam">
+ By default, passwords are encrypted by PAM, but (even if not
+ recommended) you can select a different encryption method with the
+ <option>-e</option>, <option>-m</option>, or <option>-c</option>
+ options.
+ </para>
+ <para>
+ <phrase condition="pam">Except when PAM is used to encrypt the
+ passwords,</phrase> <command>chpasswd</command> first updates all the
+ passwords in memory, and then commits all the changes to disk if no
+ errors occurred for any user.
+ </para>
+ <para condition="pam">
+ When PAM is used to encrypt the passwords (and update the passwords in
+ the system database) then if a password cannot be updated
+ <command>chpasswd</command> continues updating the passwords of the
+ next users, and will return an error code on exit.
+ </para>
+ <para>
+ This command is intended to be used in a large system environment
+ where many accounts are created at a single time.
+ </para>
+ </refsect1>
+
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <para>
+ The options which apply to the <command>chpasswd</command> command
+ are:
+ </para>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term>
+ <option>-c</option>, <option>--crypt-method</option>&nbsp;<replaceable>METHOD</replaceable>
+ </term>
+ <listitem>
+ <para>Use the specified method to encrypt the passwords.</para>
+ <para condition="no_sha_crypt">
+ The available methods are DES, MD5, and NONE.
+ </para>
+ <para condition="sha_crypt">
+ The available methods are DES, MD5, NONE, and SHA256 or SHA512
+ if your libc support these methods.
+ </para>
+ <para condition="pam">
+ By default, PAM is used to encrypt the passwords.
+ </para>
+ <para condition="no_pam">
+ By default (if none of the <option>-c</option>,
+ <option>-m</option>, or <option>-e</option> options are
+ specified), the encryption method is defined by the
+ <option>ENCRYPT_METHOD</option> or
+ <option>MD5_CRYPT_ENAB</option> variables of
+ <filename>/etc/login.defs</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-e</option>, <option>--encrypted</option></term>
+ <listitem>
+ <para>Supplied passwords are in encrypted form.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term><option>-h</option>, <option>--help</option></term>
+ <listitem>
+ <para>Display help message and exit.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term><option>-m</option>, <option>--md5</option></term>
+ <listitem>
+ <para>
+ Use MD5 encryption instead of DES when the supplied passwords are
+ not encrypted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-R</option>, <option>--root</option>&nbsp;<replaceable>CHROOT_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Apply changes in the <replaceable>CHROOT_DIR</replaceable>
+ directory and use the configuration files from the
+ <replaceable>CHROOT_DIR</replaceable> directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="sha_crypt">
+ <term>
+ <option>-s</option>, <option>--sha-rounds</option>&nbsp;<replaceable>ROUNDS</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Use the specified number of rounds to encrypt the passwords.
+ </para>
+ <para>
+ The value 0 means that the system will choose the default
+ number of rounds for the crypt method (5000).
+ </para>
+ <para>
+ A minimal value of 1000 and a maximal value of 999,999,999
+ will be enforced.
+ </para>
+ <para>
+ You can only use this option with the SHA256 or SHA512
+ crypt method.
+ </para>
+ <para>
+ By default, the number of rounds is defined by the
+ <option>SHA_CRYPT_MIN_ROUNDS</option> and
+ <option>SHA_CRYPT_MAX_ROUNDS</option> variables in
+ <filename>/etc/login.defs</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+ Remember to set permissions or umask to prevent readability of
+ unencrypted files by other users.
+ </para>
+ </refsect1>
+
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist condition="no_pam">
+ &ENCRYPT_METHOD;
+ &MD5_CRYPT_ENAB;
+ </variablelist>
+ <variablelist>
+ &SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS-->
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='files'>
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/passwd</filename></term>
+ <listitem>
+ <para>User account information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/shadow</filename></term>
+ <listitem>
+ <para>Secure user account information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/login.defs</filename></term>
+ <listitem>
+ <para>Shadow password suite configuration.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="pam">
+ <term><filename>/etc/pam.d/chpasswd</filename></term>
+ <listitem>
+ <para>PAM configuration for <command>chpasswd</command>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <phrase>
+ <citerefentry>
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ </phrase>
+ <citerefentry>
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+</refentry>