192

Basic System Administration

Managing passwords

People forget things, like their password. It's human nature. So any system

that is used by humans must have a way of fixing the problem, but it must

work in a secure fashion. On a Linux system, like the Debian system you

have installed, passwords are kept in an encrypted form that is not easy to

break. The only recourse for the  loss  of a password is to create a new one

for the account, and the only account that can do this is the root account.

The program that does this is called passwd. Any user account can use this

program to change the password for that account, but only root can change

the password on another account.

To change the password for fred enter the following command as root:

passwd fred

Unlike when a user executes passwd, when root executes it, there is no request

for the old password. This allows the password to be changed when the old

password is not known, but it will only work for the root account. passwd

will ask for the new password, and then ask for it again to verify correctness.

Once the new account has been given a password by root, the individual who

will use that account should use that password to log into the system and then

use passwd to change the password to something known to no one else.

In the case of fred, suppose the initial password #123fred is assigned the

account. Fred might then use this password to log into the system. Once the

shell prompt appears he only needs to enter:

passwd

The passwd program first asks for the old password. Fred then enters:

#123fred