Previous Topic: SEOS_load Utility—Load the CA ControlMinder Interception ModuleNext Topic: sepmd Utility


sepass Utility—Set or Replace a Password

Valid on UNIX

The sepass utility sets a new password or replaces an existing password in the local host, in a Policy Model, or in the NIS or NIS+ server, as applicable.

The sepass utility changes the user password. Additionally, privileged users can use sepass to change the passwords of other users. When changing your own password, sepass prompts you for your old password.

Note: If seosd is not running, sepass runs a default password program. The DefaultPasswdCmd token in the passwd section of the seos.ini file specifies the default password program. Passwords are stored and transferred over the network in an encrypted format.

This command has the following format:

sepass [‑d] [‑l] [‑p] [‑s policy_model@hostname] \
[-g number] [‑x] [userName]
‑d

Displays all the information it has regarding the password update, such as on which stations the update succeeded and if you did not activate setoptions class+(PASSWORD), that the password's quality was not checked. This switch is useful when debugging.

-g number

Defines the number of grace logins for userName.

‑h

Displays the help for this utility.

‑l

Replaces the password only on the local station; that is, in the local password file (usually /etc/passwd), security files, and the local database.

In the NIS/NIS+ environments, users are not usually defined in the /etc/passwd file of the client; therefore, the password on the client station is not updated.

In NIS/NIS+ server stations, the password is updated locally and propagated by NIS/NIS+.

This switch and the ‑p and ‑s switches are mutually exclusive.

‑p

Changes the password only on the remote station and on the PMDB at the host specified in the switch. This switch and the ‑l and ‑s switches are mutually exclusive.

‑s policy_model@hostname

Replaces the password on the local station and on the PMDB at the host specified in the switch. This switch and the ‑l and ‑p switches are mutually exclusive.

‑x

Replaces the password as if changed by the user username. This switch updates the time and date of the last change in the database. Grace logins are terminated.

Note: To let you change the root password as if changed by root, you have to set the RootPwAsOwn appropriately. For more information about seos.ini tokens, see the Reference Guide.

username

(Optional) Specifies the name of the user whose password sepass changes. If you omit this option, your own password is set.

Examples

The following examples illustrate how you can use sepass in a variety of situations: