User Config

AIX User Config

The following document contains a description of the user management functions available through the System Management Interface Tool (smit). Before configuring any person as a user, a unique User ID number must be obtained for each user. This number must be between 1100 and 4,294,967,295 and should be unique for this user enterprise wide. This document assumes the following have been performed for each person to be configured as a user: A unique user name has been assigned which conforms to the AIX MSB Standard. A unique numeric user ID has been assigned which conforms to the AIX MSB Standard. The primary group assignment for the user has been determined. The group set for the user has been determined. The home directory for the user has been determined. The phone number of the user is known and available. telnet (ftwecs02) **************************************************************** Unauthorized access is prohibited **************************************************************** login: dfren00 dfren00's Password: Login to the AIX system where you wish to manage users. The users management smit menu should automatically appear, but if not, run the following command at the command prompt to start the smit menu: $ smit users Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Notice the key definitions at the bottom of the screen. If you are using a "VT100" terminal emulation, which you probably are if you have used telnet to gain access to the system, then you will only be able to use the first four function keys. Other functions may be executed by pressing the "ESC" key and a number key in quick succession. To add a user to this AIX system, select the menu item labeled "Add a User" and press the key associated with the "Do" function. Add a User Type or select values in entry fields. Press Enter AFTER making all desired changes. [TOP] [Entry Fields] * User NAME [jdoe00] User ID [11505355] # ADMINISTRATIVE USER? false + Primary GROUP [staff] + Group SET [staff,mqm,ecs,controlm] + ADMINISTRATIVE GROUPS [] + ROLES [] + Another user can SU TO USER? false + SU GROUPS [ALL] + HOME directory [/ftwXXX##/home/jdoe00] Initial PROGRAM [] User INFORMATION [John Doe x=405.841.1234] EXPIRATION date (MMDDhhmmyy) [0] Is this user ACCOUNT LOCKED? false + User can LOGIN? true + User can LOGIN REMOTELY? true + Allowed LOGIN TIMES [] Number of FAILED LOGINS before [5] # user account is locked Login AUTHENTICATION GRAMMAR [compat] Valid TTYs [ALL] Days to WARN USER before password expires [14] # Password CHECK METHODS [] Password DICTIONARY FILES [/usr/share/dict/words] NUMBER OF PASSWORDS before reuse [3] # WEEKS before password reuse [0] # Weeks between password EXPIRATION and LOCKOUT [0] Password MAX. AGE [12] # Password MIN. AGE [1] # Password MIN. LENGTH [8] # Password MIN. ALPHA characters [5] # Password MIN. OTHER characters [3] # Password MAX. REPEATED characters [3] # Password MIN. DIFFERENT characters [3] # Password REGISTRY [] Soft FILE size [2097151] # Soft CPU time [-1] Soft DATA segment [262144] # Soft STACK size [65536] # Soft CORE file size [2097151] # Hard FILE size [] # Hard CPU time [] Hard DATA segment [] # Hard STACK size [] # Hard CORE file size [] # File creation UMASK [077] AUDIT classes [] + TRUSTED PATH? nosak + PRIMARY authentication method [SYSTEM] SECONDARY authentication method [NONE] [BOTTOM] F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Enter the user information for the following fields: User NAME User ID Primary GROUP Group SET HOME Directory User INFORMATION The rest of the fields for the user definition should default to the values shown above. If not, set them as shown. When finished, press the key associated with the "Do" function. The "User Name" field is an enterprise wide unique name for this person which is formulated from the first letter of the persons first name, the first four letters of the persons last name (or in the event their last name is less than four letters, then use their entire last name), plus a two digit number maintained by the information security group. The "User ID" field is a calculated value using the following script which is on all Mt Xia's Fort Worth AIX systems: /home/bin/mkuid To run the "mkuid" script, enter the full path name of the script followed by the user name of the person being configured. For example, to determine the UID of the user "John Doe", enter the following at an AIX command prompt: $ /home/bin/mkuid jdoe00 This script will return a single line of output which contains the user name you supplied on the command line, followed by a colon, followed by a numeric value which represents the User ID (UID) for this user name. For the user "jdoe00", the script will return the following output: jdoe00:11505355 The "Primary GROUP" field must be assigned by the person requesting the new user, the application administrator, and the opensystems group. The "Group SET" field must also be assigned by the person requesting the new user, the application administrator, and the opensystems group. The "HOME Directory" field should contain the full path name of the users home directory. The home directory of each users will vary and should be determined as specified in the Special Requirements document. The "User INFORMATION" field should contain the users first and last names, followed my their phone number. The syntax of entering this information should be as follows: firstName LastName x=405.841.#### As an example, for John Doe whose imaginary phone number is (405) 841-9999, his "User INFORMATION" should be entered as: John Doe x=405.841.9999 COMMAND STATUS Command: OK stdout: no stderr: no Before command completion, additional instructions may appear below. F1=Help F2=Refresh F3=Cancel Esc+6=Command Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find n=Find Next If the user is created successfully, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do After creating a new user, the password must be initialized in order to allow the user to login. Or if the user has forgotten his/her password, their password can be reset by a user administrator. Whenever the password is reset by an administrator, the user will be prompted to change that password the first time they login after the password reset. Normally you will only be able to reset your own password using this menu selection. To initialize or change another users password, go to the section of this document titled "Initializing Passwords". In order to user the SMIT menus to change a users password, the users old password must be known. If you know the users old password and want to change it, select the menu option labeled "Change a User's Password" and press the key associated with the "Do" function. Change a User's Password Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] User NAME [jdoe00] + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Enter the user name of the person who requires a password initialization or reset. When finished, press the key associated with the "Do" function. Changing password for "jdoe00" jdoe00's New password: Enter the new password again: Enter a password for this user. As you are entering the password, the characters will NOT be echoed to the screen while you are typing. This is to prevent an observer from seeing the password. Since you will not be able to see any typing mistakes you may have made while entering the password, you will be required to enter the password twice. If the two instances of the password match, the password will be initialized/reset. If the two instances do not match, you will be informed of this and permitted to re-enter the password. Change a User's Password Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] User NAME [jdoe00] + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do You may enter another user name to initialize/reset their password, or return to the previous menu by pressing the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do If for some reason a mistake was made while creating a user, or the user information has changed, you will need to change the characteristics associated with that user on EVERY machine to which that user has access. To change the characteristics of a user, select the menu item labeled "Change / Show Characteristics of a User" and press the key associated with the "Do" function. Change / Show Characteristics of a User Type or select a value for the entry field. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Enter the user name of the person for whom you wish to change their user characteristics. When finished, press the key associated with the "Do" function. Change / Show Characteristics of a User Type or select values in entry fields. Press Enter AFTER making all desired changes. [TOP] [Entry Fields] * User NAME jdoe00 User ID [11505355] # ADMINISTRATIVE USER? false + Primary GROUP [staff] + Group SET [staff,ecs,controlm,mqm] + ADMINISTRATIVE GROUPS [] + ROLES [] + Another user can SU TO USER? false + SU GROUPS [ALL] + HOME directory [/ftwXXX##/home/jdoe00] Initial PROGRAM [/usr/bin/ksh] User INFORMATION [John Doe x=405.841.4321] EXPIRATION date (MMDDhhmmyy) [0] Is this user ACCOUNT LOCKED? false + User can LOGIN? true + User can LOGIN REMOTELY? true + Allowed LOGIN TIMES [] Number of FAILED LOGINS before [5] # user account is locked Login AUTHENTICATION GRAMMAR [compat] Valid TTYs [ALL] Days to WARN USER before password expires [14] # Password CHECK METHODS [] Password DICTIONARY FILES [/usr/share/dict/words] NUMBER OF PASSWORDS before reuse [3] # WEEKS before password reuse [0] # Weeks between password EXPIRATION and LOCKOUT [0] Password MAX. AGE [12] # Password MIN. AGE [1] # Password MIN. LENGTH [8] # Password MIN. ALPHA characters [5] # Password MIN. OTHER characters [3] # Password MAX. REPEATED characters [3] # Password MIN. DIFFERENT characters [3] # Password REGISTRY [files] Soft FILE size [2097151] # Soft CPU time [-1] Soft DATA segment [262144] # Soft STACK size [65536] # Soft CORE file size [2097151] # Hard FILE size [] # Hard CPU time [] Hard DATA segment [] # Hard STACK size [] # Hard CORE file size [] # File creation UMASK [77] AUDIT classes [] + TRUSTED PATH? nosak + PRIMARY authentication method [SYSTEM] SECONDARY authentication method [NONE] [BOTTOM] F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Change all fields which require modification. Do NOT change the "User ID" field. If the "User ID" field requires modification, contact the opensystems on-call person to assist with this modification. When finished, press the key associated with the "Do" function. COMMAND STATUS Command: OK stdout: no stderr: no Before command completion, additional instructions may appear below. F1=Help F2=Refresh F3=Cancel Esc+6=Command Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find n=Find Next If the user is changed successfully, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function. Change / Show Characteristics of a User Type or select values in entry fields. Press Enter AFTER making all desired changes. [TOP] [Entry Fields] * User NAME jdoe00 User ID [11505355] # ADMINISTRATIVE USER? false + Primary GROUP [staff] + Group SET [staff,ecs,controlm,mqm] + ADMINISTRATIVE GROUPS [] + ROLES [] + Another user can SU TO USER? false + SU GROUPS [ALL] + HOME directory [/ftwXXX##/home/jdoe00] Initial PROGRAM [/usr/bin/ksh] User INFORMATION [John Doe x=405.841.4321] EXPIRATION date (MMDDhhmmyy) [0] [MORE...37] F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Press the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Allows a system administrator to lock or unlock a user's account. When a user's account is locked, no one can login to that account. When a user's account is unlocked, anyone who knows the correct password can login to the account. This option will NOT unlock a user's account that was locked as a result of too many failed login attempts. Note: To unlock a user's account that was locked because of too many failed logins, the system administrator can use the Reset User's Failed Login Count menu item under the Users menu item of the Security & Users menu. When an account is locked, it can only be unlocked by a user administrator. There will be requirements to intentionally lock users accounts on backup systems which are part of an HACMP cluster. To lock or unlock a users account user, select the menu item labeled "Lock / Unlock a User's Account" and press the key associated with the "Do" function. Lock / Unlock a User's Account Type or select a value for the entry field. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Enter the user name of the person whose account you wish to lock or unlock, and press the key associated with the "Do" function. Lock / Unlock a User's Account Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME jdoe00 Is this user ACCOUNT LOCKED? false + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Move the cursor to the field associate with the prompt which says "Is this user ACCOUNT LOCKED?" and press the key associated with the "List" function. Lock / Unlock a User's Account Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME jdoe00 Is this user ACCOUNT LOCKED? false + lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Is this user ACCOUNT LOCKED? x x x x Move cursor to desired item and press Enter. x x x x x x true x x false x x x x F1=Help F2=Refresh F3=Cancel x F1x Esc+8=Image Esc+0=Exit Enter=Do x Esx /=Find n=Find Next x Esmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj A selection list will appear which provides you with the ability to select "true" or "false" as your response to the prompt. If this users account is currently locked and you wish to unlock it, select "true". If this users account is currenty unlocked and you wish to lock it, select "false". When finished selecting the appropriate response, press the key associated with the "Do" function. Lock / Unlock a User's Account Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME jdoe00 Is this user ACCOUNT LOCKED? true + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do The selection list will disappear and your selection will be reflected in the entry field associated with the prompt "Is this user ACCOUNT LOCKED?". Press the key associated with the "Do" function. COMMAND STATUS Command: OK stdout: no stderr: no Before command completion, additional instructions may appear below. F1=Help F2=Refresh F3=Cancel Esc+6=Command Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find n=Find Next If the user account is successfully locked, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function. Lock / Unlock a User's Account Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME jdoe00 Is this user ACCOUNT LOCKED? true + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do You may enter another user name to lock or unlock their account, or return to the previous menu by pressing the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do When the count of consecutive unsuccessful login attempts exceeds the number allowed (currently set to three attempts), the account is locked and the user cannot login. When an account is locked, it can only be unlocked by a user administrator. To reset the count of consecutive unsuccessful login attempts on a user's account, which will allow the user to try to login again, select the menu item labeled "Reset User's Failed Login Count" and press the key associated with the "Do" function. Reset User's Failed Login Count Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Enter the user name of the person whose account you wish to reset the count of consecutive unsuccessful login attempts, and press the key associated with the "Do" function. COMMAND STATUS Command: OK stdout: no stderr: no Before command completion, additional instructions may appear below. F1=Help F2=Refresh F3=Cancel Esc+6=Command Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find n=Find Next If the unsuccessful login count is successfully reset for this user name, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function. Reset User's Failed Login Count Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do You may enter another user name to reset the unsuccessful login count, or return to the previous menu by pressing the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Removing a user account deletes the attributes defined for a user, but does NOT remove the user's home directory or files the user owns. Whenever a user is removed from a system, the opensystems group should be notified in order to clean-up and reassign file ownership of the removed users files. To remove a user account from the system, select the menu item labeled "Remove a User" and press the key associated with the "Do" function. Remove a User from the System Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + Remove AUTHENTICATION information? yes + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do Enter the user name of the person whose account you wish to remove from the system. By answering "yes" in the "Remove Authentication Information?" option, the system will remove the user's password and other user authentication information. Press the key associated with the "Do" function to remove the user. Remove a User from the System Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + Remove AUTHENTICATION information? yes + lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x ARE YOU SURE? x x x x Continuing may delete information you may want x x to keep. This is your last chance to stop x x before continuing. x x Press Enter to continue. x x Press Cancel to return to the application. x x x F1x F1=Help F2=Refresh F3=Cancel x Esx Esc+8=Image Esc+0=Exit Enter=Do x Esmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj Press the "Enter" key to continue COMMAND STATUS Command: OK stdout: no stderr: no Before command completion, additional instructions may appear below. F1=Help F2=Refresh F3=Cancel Esc+6=Command Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find n=Find Next If the user name is successfully removed from the system, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function. Remove a User from the System Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * User NAME [jdoe00] + Remove AUTHENTICATION information? yes + F1=Help F2=Refresh F3=Cancel F4=List Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do You may enter another user name to remove from the system, or return to the previous menu by pressing the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do To obtain a list of all users which currently exist on the system, select the menu item labeled "List All Users" and press the key associated with the "Do" function. select the COMMAND STATUS Command: OK stdout: no stderr: no Before command completion, additional instructions may appear below. [TOP] root 0 /root daemon 1 /etc bin 2 /bin sys 3 /usr/sys adm 4 /var/adm uucp 5 /usr/lib/uucp guest 100 /home/guest nobody -2 / lpd 9 / invscout 200 /home/invscout imnadm 201 /home/imnadm nuucp 6 /var/spool/uucppublic ipsec 202 /etc/ipsec cduser 1013 /ftwecs02/cduser dfren00 6023717 /home/dfren00 ctrlm01 203 /ftwecs02/bmc/ctrlm01 ecs02 48476 /ftwecs02/bmc/ecs gharr01 19950048 /home/gharr01 cdaye00 2250908 /home/cdaye00 jbass00 8543071 /home/jbass00 sstev00 9681230 /home/sstev00 rplan00 5949631 /home/rplan00 eperm00 5786702 /home/eperm00 jvang00 2971999 /home/jvang00 lhols00 8429661 /home/lhols00 rgaug00 3094649 /home/rgaug00 sbutl00 5375344 /home/sbutl00 kerns00 8466762 /home/kerns00 ntann00 6170783 /home/ntann00 gharr00 8068672 /home/gharr00 phend00 1603417 /home/phend00 dmars00 8525775 /home/dmars00 gharp00 7154720 /home/gharp00 jdean00 5944579 /home/jdean00 ckeen00 6015058 /home/ckeen00 apple00 0 /home/apple00 shutdown 1719692 /shutdown controlm 8112790 /ftwecs02/bmc/controlm ctmagent 2751564 /ftwecs02/bmc/ctmagent ecs 11877124 /ftwecs02/bmc/ecs mqm 11873440 /ftwecs02/ibm/mqm [BOTTOM] F1=Help F2=Refresh F3=Cancel Esc+6=Command Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find n=Find Next When finished view the list of users, return to the previous menu by pressing the key associated with the "Cancel" function. Users Move cursor to desired item and press Enter. Add a User Change a User's Password Change / Show Characteristics of a User Lock / Unlock a User's Account Reset User's Failed Login Count Remove a User List All Users F1=Help F2=Refresh F3=Cancel Esc+8=Image Esc+9=Shell Esc+0=Exit Enter=Do To exit the user administration menu, press the key associated with the "Cancel" function. Initializing Passwords To initialize a users password or if the old password of the user is not known, use the following method to reset a users password. From a command prompt: $ pwdadm <USER NAME> Where <USER NAME> represents the user name of the person for whom you wish to change their password. For more information about the "pwdadm" command see the manual page. For example, to change the password of the user "jdoe00": $ pwdadm jdoe00 Changing password for "jdoe00" aafif00's Password: jdoe00's New password: Enter the new password again: $ Note: The system will require the user administrator to enter their password in order to confirm their identity, before allowing them to change the users password. Root users and members of the security group should not change their personal password with this command. These users should use the "passwd" command. For more information about the "passwd" command see the manual page. If a password is entered that does not conform to the MSB accepted standards, a message similar to the following will be displayed: 3004-602 The required password characteristics are: a minimum of 5 alphabetic characters. a minimum of 3 non-alphabetic characters. a minimum of 3 characters not found in old password. a maximum of 3 repeated characters. a minimum of 8 characters in length. 3004-603 Your password must have: a minimum of 3 non-alphabetic characters. 3004-335 Passwords must not match words in the dictionary. User Administration User Administrators are allowed to: Create regular users. Change attributes of regular users. Delete regular users. Use "pwdadm" command to change the passwords of regular users. Use "passwd" command to change their own password. Use "smit" to change their own password. User Administrators are NOT allowed to: Create administrative users. Change attributes of administrative users. Delete administrative users. Use "passwd" command to change the passwords of regular users unless the users old password is known. Remove files and directories owned by another user without explicit file system permission. Change access permissions on files or directories owned by another user without explicit file system permission. Required AIX Commands