-
Notifications
You must be signed in to change notification settings - Fork 5
/
nipasswd.8
97 lines (96 loc) · 2.31 KB
/
nipasswd.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
.\" $Id: nipasswd.8,v 1.6 2002/08/24 07:15:35 chip Exp $
.TH NIPASSWD 8L
.SH NAME
nipasswd - Non-interactive password utility for PAM systems.
.SH SYNTAX
.B nipasswd
[
.B \-Dac
]
.SH DESCRIPTION
The
.I nipasswd
utility is a non-interactive program to authenticate users or change
account passwords. It is intended to provide these capabilities--normally
privileged operations--to other scripts and programs in a moderately
safe and secure fashion.
.P
By default,
.I nipasswd
attempts to change the password on a user account. At startup, it reads
three lines of input from stdin:
.RS
.P
.nf
username
old_password
new_password
.fi
.RE
.P
It first verifies that the
.I old_password
is correct for the
.I username
account, and then attempts to change it to
.IR new_password .
.P
.P
If the
.B \-a
option is given, then
.I nipasswd
changes to authenticate mode. In this mode, it reads just two lines
from stdin (\fIusername\fP and \fIpassword\fP) and attempts to authenticate
the user.
.P
The
.B \-D
option enables debug output.
.P
A minimum UID is enforced, as controlled by the MIN_AUTH_UID and
MIN_CHANGE_UID values compiled into the program. An attempt to authorize
a user or change a password for an account below these limits will
be denied. In the distributed version of this program, both values are
set to 100.
.P
This utility operates under
the
.IR pam (8)
system, using a service name of "nipasswd".
.SH EXIT STATUS
.IP 0 4
Password has been successfully changed.
.IP 1 4
Failure due to some error. Password unchanged.
.IP 2 4
Failure due to authorization error. Either the
.I username
does not exist, the
.I old_password
is incorrect, or the UID of this
account below the minimum permitted. Password unchanged.
.IP 3 4
Failure due to bad password checks. This will occur only when the
.B \-c
option is given. Password unchanged.
.P
In the case of non-zero exit status, a diagnostic message will be
written to the output.
.SH FILES
/etc/pam.d/nipass
.SH BUGS
This utility does not implement any guards against dictionary attacks on
account passwords, other than invoking a delay penalty on authentication
failures.
.P
The PAM API makes my head hurt.
.SH AUTHOR
.nf
This file is part of the "web-chpass" package.
See <https://github.com/chip-rosenthal/web-chpass> for more information.
Chip Rosenthal
.fi
.SH SEE ALSO
pam(8), passwd(1)