add Kerberos info

SCCS-vsn: usr.bin/passwd/passwd.1 6.7

diff --git a/usr/src/usr.bin/passwd/passwd.1 b/usr/src/usr.bin/passwd/passwd.1
index bdfa339..92a1177 100644 (file)
--- a/usr/src/usr.bin/passwd/passwd.1
+++ b/usr/src/usr.bin/passwd/passwd.1
@@ -3,37 +3,54 @@
 .\"
 .\" %sccs.include.redist.man%
 .\"
 .\"
 .\" %sccs.include.redist.man%
 .\"

-.\"     @(#)passwd.1   6.6 (Berkeley) %G%
+.\"     @(#)passwd.1   6.7 (Berkeley) %G%

 .\"
 .Dd 
 .Dt PASSWD 1
 .Os BSD 4
 .Sh NAME
 .Nm passwd
 .\"
 .Dd 
 .Dt PASSWD 1
 .Os BSD 4
 .Sh NAME
 .Nm passwd

-.Nd modify password file information
+.Nd modify a user's password

 .Sh SYNOPSIS
 .Nm passwd
 .Sh SYNOPSIS
 .Nm passwd

+.Op Fl l

 .Op Ar user
 .Sh DESCRIPTION
 .Nm Passwd
 .Op Ar user
 .Sh DESCRIPTION
 .Nm Passwd

-changes the user's password.  First, the user is prompted for their
-current
-password, and, if that is correct typed, for a new password.  The new
-password must be entered two times to verify any typing errors.  The
-super-user is not prompted for the old password.
+changes the user's Kerberos password.  First, the user is prompted for their
+current password.
+If the current password is correctly typed, a new password is
+requested.
+The new password must be entered two times to verify any typing errors.

 .Pp
 .Pp

-The new password must be at least six characters long and cannot be
-purely alphabetic.  Numbers, upper case letters and meta characters
+The new password should be at least six characters long and not
+purely alphabetic.
+Its total length must be less than _PASSWORD_LEN (currently 128 characters).
+Numbers, upper case letters and meta characters

 are encouraged.
 .Pp
 Once the password has been verified,
 .Nm passwd
 are encouraged.
 .Pp
 Once the password has been verified,
 .Nm passwd

-uses
+communicates the new password information to
+the Kerberos authenticating host.
+.Tp Fl l
+This option causes the password to be updated only in the local
+password file, and not with the Kerberos database.
+When changing only the local password,

 .Xr mkpasswd  8
 .Xr mkpasswd  8

-to update the user database.  This is run in the background, and,
+is used to update the user database.  This is run in the background, and,

 at very large sites could take several minutes.  Until this update
 is completed, the password file is unavailable for other updates
 and the new password will not be available to programs.
 at very large sites could take several minutes.  Until this update
 is completed, the password file is unavailable for other updates
 and the new password will not be available to programs.

+.Tp
+.Pp
+To change another user's Kerberos password, one must first
+run
+.Xr kinit 1
+followed by
+.Xr passwd 1 .
+The super-user is not required to provide a user's current password
+if only the local password is modified.

 .Sh FILES
 .Dw /etc/master.passwd
 .Di L
 .Sh FILES
 .Dw /etc/master.passwd
 .Di L


@@ -42,8 +59,11 @@ the user database
 .Dp
 .Sh SEE ALSO
 .Xr chpass 1 ,
 .Dp
 .Sh SEE ALSO
 .Xr chpass 1 ,

+.Xr kerberos 1 ,
+.Xr kinit 1 ,

 .Xr login 1 ,
 .Xr passwd 5 ,
 .Xr login 1 ,
 .Xr passwd 5 ,

+.Xr kpasswdd 8 ,

 .Xr mkpasswd 8 ,
 .Xr vipw 8
 .br
 .Xr mkpasswd 8 ,
 .Xr vipw 8
 .br