PASSWD(1)                                               PASSWD(1)

     NAME
          passwd - change user password

     SYNOPSIS
          auth/passwd [ -u user ] [ -s signer ] [ keyfile ]

     DESCRIPTION
          Passwd changes the secret shared between the invoker and the
          authentication server signer (default: $SIGNER).  The signer
          must offer the keysrv(4) service.

          The secret is associated with a remote user name that need
          not be the same as the name of the invoking user on the
          local system.  That remote user name is specified by a cer-
          tificate signed by signer, and obtained from keyfile.
          Keyfile identifies a file containing a certificate (default:
          `default').  If keyfile is not an absolute pathname, the
          file used will be /usr/user/keyring/keyfile.  User by
          default is the invoking user's name (read from /dev/user),
          but the -u option can name another.

          Passwd connects to the signer, authenticating using the cer-
          tificate in keyfile, and checks that the user in the cer-
          tificate is registered there with an existing secret.
          Passwd then prompts for the (remote) user's old secret, to
          double-check identity, then prompts for a new one, which
          must be confirmed.

          Secrets must be at least eight characters long.  Try to make
          them hard to guess.

     FILES
          /dev/user    current user name
          /mnt/keysrv  local mount point for connection to remote
                       keysrv(4)

     SOURCE
          /appl/cmd/auth/passwd.b

     SEE ALSO
          keyfs(4), keysrv(4), changelogin(8), logind(8)

     Page 1                       Plan 9            (printed 12/23/24)