Manual Pages


Table of Contents

NAME

na_passwd - Modifies the system administrative user's password.

SYNOPSIS

passwd

rsh-only usage:

passwd oldpassword newpassword [ username ]

DESCRIPTION

passwd changes a node's administrative user's password. If there are any non-root users on the node, you will be prompted for a user's login name.

Next, you will be prompted for the user's current password. If you have the capability security-passwd_change-others (root has this capability), you will automatically bypass this step.

Finally, you will be prompted for the new password. The node imposes no default minimum length or special character requirement for root or for Administrator, though this can be changed by setting the option security.passwd.rules.everyone to on.

As with any password, it is best to choose a password unlikely to be guessed by an intruder. All non-root administrative users' passwords must meet the following settable restrictions:

- it should be at least 8 characters long

-
it should contain at least two alphabetic characters

- it should contain at least one digit

By default, the above criteria are enforced by the node when a new password is given. However, there are a few options which will change the password requirements. security.passwd.rules.enable can be used to prevent the restrictions from being enforced, and there are a series of other options under security.passwd.rules which specify requirements. See na_options(1) for additional information.

If the node is booted from floppy disk, selection "(3) Change password" enables you to reset the root password without entering the old password. This is useful for the forgetful.

The second style of using the passwd command, shown in the SYNOPSIS above, is only allowed when you execute the password command using rsh. Since rsh doesn't allow prompting, all the necessary values must be put on the command-line. If root is the only user on the system, you do not have to provide an explicit username as a third argument. In this case, root is assumed.

HA CONSIDERATIONS

Each node in an HA pair can have a different password. However, in takeover mode, use only the password set on the live node to access the consoles of both nodes. You do not need to enter the failed node's password to execute commands in partner mode.

Because the password for the failed node becomes unnecessary after a takeover, you do not have increased security by assigning different passwords to the nodes in an HA pair. NetApp Inc recommends that you use the same password for both nodes.

VFILER CONSIDERATIONS

When run from a vfiler context (for example via the vfiler run command), passwd operates on the concerned vfiler, and can only be used to change the password of a user of that vfiler.

SEE ALSO

na_partner(1), na_useradmin(1), na_options(1), na_vfiler(1)


Table of Contents