JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

Using Passwords in NIS+

Logging In to an NIS+ Domain

How to Use Passwords

Login incorrect Message

Password will expire Message

Permission denied Message at Login

Changing Your NIS+ Password

How to Change Your NIS+ Password

NIS+ Password Change Failures

Choosing a Password

Password Requirements

Bad Choices for Passwords

Good Choices for Passwords

Administering NIS+ Passwords

nsswitch.conf File Requirements for Passwords

nispasswd Command

yppasswd Command

passwd Command

passwd and the nsswitch.conf Files

passwd Command and "NIS+ Environment"

passwd Command and Credentials

passwd Command and NIS+ Permissions

passwd Command and NIS+ Keys

passwd Command and Other NIS+ Domains

nistbladm Command

nistbladm and NIS+ Shadow Column Fields

nistbladm and the Number of Days Password Parameter in NIS+

Password-Related Commands in NIS+

Displaying Password Information in NIS+

Changing Passwords in NIS+

Changing Your Own Password

Changing Someone Else's Password in NIS+

Changing Root's Password in NIS+

How to Change root's Password

Locking a Password in NIS+

Unlocking a Password in NIS+

Managing Password Aging in NIS+

Forcing Users to Change Passwords in NIS+

Setting a Password Age Limit in NIS+

Setting Minimum Password Life in NIS+

Establishing a Password Warning Period in NIS+

Turning Off Password Aging in NIS+

Password Privilege Expiration in NIS+

Specifying Maximum Number of Inactive Days for Users in NIS+

Specifying Password Criteria and Defaults in NIS+

/etc/defaults/passwd File

Password Failure Limits

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



Using Passwords in NIS+

When logging in to a machine, users must enter both a user name (also known as a login ID) and a password. Although login IDs are publicly known, passwords must be kept secret by their owners.

Logging In to an NIS+ Domain

Logging in to a system is a two-step process.

How to Use Passwords

  1. Type your login ID at the Login: prompt.
  2. Type your password at the Password: prompt.

    (To maintain password secrecy, your password is not displayed on your screen when you type it.)

    If your login is successful you will see your system's message of the day (if any) and then your command-line prompt, windowing system, or normal application.

Login incorrect Message

The Login incorrect message indicates that:

Password will expire Message

If you receive a Your password will expire in N days message (where N is a number of days), or a Your password will expire within 24 hours message, it means that your password will reach its age limit and expire in that number of days (or hours).

In essence, this message is telling you to change your password now. (See Changing Your NIS+ Password.)

Permission denied Message at Login

After entering your login ID and password, you may get a Permission denied message and be returned to the login: prompt. This means that your login attempt has failed because an administrator has either locked your password, or terminated your account, or your password privileges have expired. In these situations you cannot log in until an administrator unlocks your password or reactivates your account or privileges. Consult your system administrator.

Changing Your NIS+ Password

To maintain security, you should change your password regularly. (See Choosing a Password for password requirements and criteria.)

Note - The passwd command now performs all functions previously performed by nispasswd. For operations specific to an NIS+ name space, use passwd -r nisplus.

Changing your password is a four-step process:

How to Change Your NIS+ Password

  1. Run the passwd command at a system prompt.
  2. Type your old password at the Enter login password (or similar) prompt.

    Your keystrokes are not shown on your screen.

    • If you receive a Sorry: less than N days since the last change message, it means that your old password has not been in use long enough and you will not be allowed to change it at this time. You are returned to your system prompt. Consult your system administrator to find out the minimum number of days a password must be in use before it can be changed.

    • If you receive a You may not change this password message, it means that your network administrator has blocked any change.

  3. Type your new password at the Enter new password prompt.

    Your keystrokes are not shown on your screen.

    At this point the system checks to make sure that your new password meets the requirements:

    • If it does meet the requirements, you are asked to enter it again.

    • If your new password does not meet the system requirements, a message is displayed informing you of the problem. You must then enter a new password that does meet the requirements.

    See Password Requirements for the requirements a password must meet.

  4. Type your new password again at the Re-enter new password prompt.

    Your keystrokes are not shown on your screen.

    If your second entry of the new password is not identical to your first entry, you are prompted to repeat the process.

    Note - When changing root's password, you must always run chkey -p immediately after changing the password. (See Changing NIS+ Root Keys From Root and Changing Root Keys From Another NIS+ Machine for information on using chkey -p to change root's keys.) Failure to run chkey -p after changing root's password will result in root being unable to properly log in.

    If you receive a Your password has expired message it means that your password has reached its age limit and expired. In other words, the password has been in use for too long and you must choose a new password at this time. (See Choosing a Password, for criteria that a new password must meet.)

    In this case, choosing a new password is a three-step process:

    1. Type your old password at the Enter login password (or similar) prompt.

      Your keystrokes are not shown on your screen.

    2. Type your new password at the Enter new password prompt.

      Your keystrokes are not shown on your screen.

    3. Type your new password again at the Re-enter new password prompt.

      Your keystrokes are not shown on your screen.

NIS+ Password Change Failures

Some systems limit either the number of failed attempts you can make in changing your password or the total amount of time you can take to make a successful change. (These limits are implemented to prevent someone else from changing your password by guessing your current password.)

If you (or someone posing as you) fails to successfully log in or change your password within the specified number of tries or time limit, you will get a Too many failures - try later or Too many tries: try again later message. You will not be allowed to make any more attempts until a certain amount of time has passed. (That amount of time is set by your administrator.)

Choosing a Password

Many breaches of computer security involve guessing another user's password. While the passwd command enforces some criteria for making sure the password is hard to guess, a clever person can sometimes figure out a password just by knowing something about the user. Thus, a good password is one that is easy for you to remember but hard for someone else to guess. A bad password is one that is so hard for you to remember that you have to write it down (which you are not supposed to do), or that is easy for someone who knows about you to guess.

Password Requirements

A password must meet the following requirements:

Bad Choices for Passwords

Bad choices for passwords include:

Good Choices for Passwords

Good choices for passwords include: