logo

Manual Pages


Table of Contents

NAME

na_passwd - modify the system administrative user's password

SYNOPSIS

passwd

rsh-only usage:

passwd oldpassword newpassword [ username ]

DESCRIPTION

passwd changes a filer's administrative user's password. If there are any non-root users on the filer, you will be prompted for a user's login name.

Next, you will be prompted for the user's current password. If you have the capability security-passwd-change_others, (root has this capability), you will automatically bypass this step.

Finally, you will be prompted for the new password. The filer imposes no default minimum length or special character requirement for root or for Administrator, though this can be changed by setting the option secu_rity.passwd.rules.everyone to on.

As with any password, it is best to choose a password unlikely to be guessed by an intruder. All non-root administrative user's passwords must meet the following setable restrictions:

- it should be at least 8 characters long

- it should contain at least two alphabetic characters

- it should contain at least one digit

By default, the above criteria are enforced by the filer when a new password is given. However, there are a few options which will change the password requirements. secu_rity.passwd.rules.enable can be used to prevent the
restrictions from being enforced, and there are a series of other options under security.passwd.rules which specify requirements. See na_options(1) for additional information.

If the filer is booted from floppy disk, selection "(3) Change password" enables you to reset the root password without entering the old password. This is useful for the forgetful.

The second style of using the passwd command, shown in the SYNOPSIS above, is only allowed when you execute the password command using rsh. Since rsh doesn't allow prompting, all the necessary values must be put on the command-line. If root is the only user on the system, you do not have to provide an explicit username as a third argument. In this case, root is assumed.

CLUSTER CONSIDERATIONS

Each filer in a cluster can have a different password. However, in takeover mode, use only the password set on the live filer to access the consoles of both filers. You do not need to enter the failed filer's password to execute commands in partner mode.

Because the password for the failed filer becomes unnecessary after a takeover, you do not have increased security by assigning different passwords to the filers in a cluster. Network Appliance recommends that you use the same password for both filers.

VFILER CONSIDERATIONS

When run from a vfiler context, (e.g. via the vfiler run command), passwd operates on the concerned vfiler, and can only be used to change the password of a user of that vfiler.

SEE ALSO

na_partner(1), na_useradmin(1), na_options(1), na_vfiler(1)


Table of Contents