Ch_Passwd - Bay Networks 5390 Administering

The integrated passwd form keeps both the user names/UIDs (used by ls and other programs to
translate UIDs and user names) and one-way-encrypted passwords (using salted DES encryption)
in a single file. The passwd/shadow form places an x in place of a password in the passwd file and
saves the encrypted passwords in a separate file called shadow.
The integrated passwd form is a Berkeley standard; the passwd/shadow form is System V-based.
The passwd/shadow form is more secure because the permissions on the user names (which are
world-readable) and the encrypted passwords (root-readable only) can be set separately.
Additionally, the passwd/shadow form allows password aging, forcing users to change their
passwords periodically. (The convert program, located in the erpcd directory, can change the
integrated passwd form to passwd/shadow form and vice-versa.)

ch_passwd

The ch_passwd utility enables users to change their password when accessing the Model 5390
server through the Access Control Protocol (ACP) security system. This utility affects only
passwords in the acp_passwd or acp_shadow file. Table C4-3 describes the supported argument
for ch_passwd.
The ch_passwd utility first prompts for the old password, and then for the new one. The syntax is:
ch_passwd
A superuser can change the password for any user. The syntax is:
ch_passwd [username]
893-741-B
NOTE: To change the Model 5390 user password, the user name in
the acp_passwd file must match the user name in the /etc/passwd
(or /etc/shadow) file on the ACP host.
Utilities
C4-7