- Passwd (command)
passwd is a tool on most
Unixand Unix-likeoperating systems used to change a user's password. The passwd entered by the user is run through a key derivation functionto create a hashed version of the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons.
When the user logs on, the password entered by the user during the log on process is run through the same key derivation function and the resulting hashed version is compared with the saved version. If the hashes are identical, the entered password must be identical, and so the user is authenticated.
The passwd command may be used to change passwords for local accounts, and on most systems, can also be used to change passwords managed in a distributed authentication mechanism such as NIS, Kerberos, or
In the past, it was necessary to have different commands to change passwords in different authentication schemes. For example, the command to change a NIS password was "yppasswd". This required users to be aware of the different methods to change passwords for different systems, and also resulted in wasteful duplication of code in the various programs that performed the same functions with different
back ends. In most implementations, there is now a single passwd command, and the control of where the password is actually changed is handled transparently to the user via pluggable authentication modules (PAMs).
Wikimedia Foundation. 2010.