PASSWD(1)                                               PASSWD(1)

     NAME
          passwd, netkey - change or verify user password

     SYNOPSIS
          passwd [ -1 ] [ username[@domain] ]

          netkey

     DESCRIPTION
          Passwd changes the invoker's Plan 9 password and/or APOP
          secret.  The Plan 9 password is used to login to a terminal
          while the APOP secret is used for a number of external ser-
          vices: POP3, IMAP, and VPN access.  The optional argument
          specifies the user name and authentication domain to use if
          different than the one associated with the machine passwd is
          run on.

          The program first prompts for the old Plan 9 password in the
          specified domain to establish identity.  It then prompts for
          changes to the password and the secret.  New passwords and
          secrets must be typed twice, to forestall mistakes.  New
          passwords must be sufficiently hard to guess.  They may be
          of any length greater than seven characters.

          By default, passwd requires the auth server to support
          dp9ik(6). The -1 flag forces passwd to authenticate using
          p9sk1(6).

          Netkey prompts for a password to encrypt network challenges.
          It is a substitute for a SecureNet box. It may only be run
          on a terminal.

     SOURCE
          /sys/src/cmd/auth/passwd.c
          /sys/src/cmd/auth/netkey.c

     SEE ALSO
          readnvram in authsrv(2), encrypt(2), cons(3), auth(8),
          securenet(8)

          Robert Morris and Ken Thompson, ``UNIX Password Security,''
          AT&T Bell Laboratories Technical Journal Vol 63 (1984), pp.
          1649-1672

     BUGS
          Now that cpu connections are always encrypted, the only good
          reason to require that these commands be run only on termi-
          nals is concern that the CPU server might be subverted.

     Page 1                       Plan 9             (printed 3/29/24)