diff options
Diffstat (limited to '')
-rw-r--r-- | man/chpasswd.8.xml | 280 |
1 files changed, 280 insertions, 0 deletions
diff --git a/man/chpasswd.8.xml b/man/chpasswd.8.xml new file mode 100644 index 0000000..6353419 --- /dev/null +++ b/man/chpasswd.8.xml @@ -0,0 +1,280 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh + SPDX-FileCopyrightText: 2007 - 2011, Nicolas François + SPDX-License-Identifier: BSD-3-Clause +--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml"> +<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml"> +<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml"> +<!-- SHADOW-CONFIG-HERE --> +]> + +<refentry id='chpasswd.8'> + <!-- $Id$ --> + <refentryinfo> + <author> + <firstname>Julianne Frances</firstname> + <surname>Haugh</surname> + <contrib>Creation, 1991</contrib> + </author> + <author> + <firstname>Thomas</firstname> + <surname>Kłoczko</surname> + <email>kloczek@pld.org.pl</email> + <contrib>shadow-utils maintainer, 2000 - 2007</contrib> + </author> + <author> + <firstname>Nicolas</firstname> + <surname>François</surname> + <email>nicolas.francois@centraliens.net</email> + <contrib>shadow-utils maintainer, 2007 - now</contrib> + </author> + </refentryinfo> + <refmeta> + <refentrytitle>chpasswd</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo> + <refmiscinfo class="source">shadow-utils</refmiscinfo> + <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo> + </refmeta> + <refnamediv id='name'> + <refname>chpasswd</refname> + <refpurpose>update passwords in batch mode</refpurpose> + </refnamediv> + + <refsynopsisdiv id='synopsis'> + <cmdsynopsis> + <command>chpasswd</command> + <arg choice='opt'> + <replaceable>options</replaceable> + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para> + The <command>chpasswd</command> command reads a list of user name and + password pairs from standard input and uses this information to update + a group of existing users. Each line is of the format: + </para> + <para> + <emphasis remap='I'>user_name</emphasis>:<emphasis + remap='I'>password</emphasis> + </para> + <para> + By default the passwords must be supplied in clear-text, and are + encrypted by <command>chpasswd</command>. + Also the password age will be updated, if present. + </para> + <para condition="no_pam"> + The default encryption algorithm can be defined for the system with + the <option>ENCRYPT_METHOD</option> or + <option>MD5_CRYPT_ENAB</option> variables of + <filename>/etc/login.defs</filename>, and can be overwritten with the + <option>-e</option>, <option>-m</option>, or <option>-c</option> + options. + </para> + <para condition="pam"> + By default, passwords are encrypted by PAM, but (even if not + recommended) you can select a different encryption method with the + <option>-e</option>, <option>-m</option>, or <option>-c</option> + options. + </para> + <para> + <phrase condition="pam">Except when PAM is used to encrypt the + passwords,</phrase> <command>chpasswd</command> first updates all the + passwords in memory, and then commits all the changes to disk if no + errors occurred for any user. + </para> + <para condition="pam"> + When PAM is used to encrypt the passwords (and update the passwords in + the system database) then if a password cannot be updated + <command>chpasswd</command> continues updating the passwords of the + next users, and will return an error code on exit. + </para> + <para> + This command is intended to be used in a large system environment + where many accounts are created at a single time. + </para> + </refsect1> + + <refsect1 id='options'> + <title>OPTIONS</title> + <para> + The options which apply to the <command>chpasswd</command> command + are: + </para> + <variablelist remap='IP'> + <varlistentry> + <term> + <option>-c</option>, <option>--crypt-method</option> <replaceable>METHOD</replaceable> + </term> + <listitem> + <para>Use the specified method to encrypt the passwords.</para> + <para condition="no_sha_crypt"> + The available methods are DES, MD5, and NONE. + </para> + <para condition="sha_crypt"> + The available methods are DES, MD5, NONE, and SHA256 or SHA512 + if your libc support these methods. + </para> + <para condition="pam"> + By default, PAM is used to encrypt the passwords. + </para> + <para condition="no_pam"> + By default (if none of the <option>-c</option>, + <option>-m</option>, or <option>-e</option> options are + specified), the encryption method is defined by the + <option>ENCRYPT_METHOD</option> or + <option>MD5_CRYPT_ENAB</option> variables of + <filename>/etc/login.defs</filename>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-e</option>, <option>--encrypted</option></term> + <listitem> + <para>Supplied passwords are in encrypted form.</para> + </listitem> + </varlistentry> + </variablelist> + <variablelist remap='IP'> + <varlistentry> + <term><option>-h</option>, <option>--help</option></term> + <listitem> + <para>Display help message and exit.</para> + </listitem> + </varlistentry> + </variablelist> + <variablelist remap='IP'> + <varlistentry> + <term><option>-m</option>, <option>--md5</option></term> + <listitem> + <para> + Use MD5 encryption instead of DES when the supplied passwords are + not encrypted. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable> + </term> + <listitem> + <para> + Apply changes in the <replaceable>CHROOT_DIR</replaceable> + directory and use the configuration files from the + <replaceable>CHROOT_DIR</replaceable> directory. + Only absolute paths are supported. + </para> + </listitem> + </varlistentry> + <varlistentry condition="sha_crypt"> + <term> + <option>-s</option>, <option>--sha-rounds</option> <replaceable>ROUNDS</replaceable> + </term> + <listitem> + <para> + Use the specified number of rounds to encrypt the passwords. + </para> + <para> + The value 0 means that the system will choose the default + number of rounds for the crypt method (5000). + </para> + <para> + A minimal value of 1000 and a maximal value of 999,999,999 + will be enforced. + </para> + <para> + You can only use this option with the SHA256 or SHA512 + crypt method. + </para> + <para> + By default, the number of rounds is defined by the + <option>SHA_CRYPT_MIN_ROUNDS</option> and + <option>SHA_CRYPT_MAX_ROUNDS</option> variables in + <filename>/etc/login.defs</filename>. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='caveats'> + <title>CAVEATS</title> + <para> + Remember to set permissions or umask to prevent readability of + unencrypted files by other users. + </para> + </refsect1> + + <refsect1 id='configuration'> + <title>CONFIGURATION</title> + <para> + The following configuration variables in + <filename>/etc/login.defs</filename> change the behavior of this + tool: + </para> + <variablelist condition="no_pam"> + &ENCRYPT_METHOD; + &MD5_CRYPT_ENAB; + </variablelist> + <variablelist> + &SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS--> + </variablelist> + </refsect1> + + <refsect1 id='files'> + <title>FILES</title> + <variablelist> + <varlistentry> + <term><filename>/etc/passwd</filename></term> + <listitem> + <para>User account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/shadow</filename></term> + <listitem> + <para>Secure user account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/login.defs</filename></term> + <listitem> + <para>Shadow password suite configuration.</para> + </listitem> + </varlistentry> + <varlistentry condition="pam"> + <term><filename>/etc/pam.d/chpasswd</filename></term> + <listitem> + <para>PAM configuration for <command>chpasswd</command>.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <phrase> + <citerefentry> + <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + </phrase> + <citerefentry> + <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>. + </para> + </refsect1> +</refentry> |