passwd utility configuration

The pspasswd file specifies the passwd utility used to perform an operation on the password of a user who is not a Bravura Security Fabric user. Usually, this option specifies the operating system's passwd command. The native password operation is executed if the user is contained in the [restricted-user-list] option, or is contained in the ignore list on the Bravura Security Fabric server. The options are as follows:

passwd-cmd-reset

A reset operation is less strict than a change operation since it does not validate the user's old password first. Most native passwd commands do both change and reset operations depending on who is running the command and the arguments passed on the command line. Generally, running the passwd command as superuser is considered a password reset operation.

This option accepts psunix textual replacement strings, notably the "%u" keyword indicating the username.

Example:

passwd-cmd-reset = "/bin/passwd.bin %u";

passwd-cmd-change

A change operation is more strict than a reset operation since it validates the user's old password first. Most native passwd commands do both change and reset operations depending on who is running the command and the arguments passed on the command line. Generally, running the passwd command as a non-privileged user is considered a password change operation.

This option accepts psunix textual replacement strings, notably the "%u" keyword indicating the username.

Example:

passwd-cmd-change = "/usr/bin/yppasswd %u";
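
An added example, not part of the product documentation: a Python check that parses the two options above and flags a configured command that is not an absolute path, is missing, is not an executable file, or is writable by group or others, which matters because the reset command generally runs as superuser. It assumes the pspasswd file uses only the `option = "value";` syntax shown in the examples; the function names are hypothetical.

```python
import os
import re
import shlex
import stat

# Matches the option syntax shown on this page, e.g.
#   passwd-cmd-reset = "/bin/passwd.bin %u";
# Assumption: no other quoting or line-continuation rules apply.
OPTION_RE = re.compile(r'^\s*(passwd-cmd-(?:reset|change))\s*=\s*"([^"]*)"\s*;\s*$')

def parse_pspasswd(text):
    """Return {option: command string} for the passwd-cmd-* lines in text."""
    return {m.group(1): m.group(2)
            for m in map(OPTION_RE.match, text.splitlines()) if m}

def audit_command(option, command):
    """Return findings for one configured command; an empty list means clean."""
    argv = shlex.split(command)
    if not argv:
        return [f"{option}: empty command"]
    binary, findings = argv[0], []
    # As superuser, passwd with no username acts on the superuser's own account.
    if option == "passwd-cmd-reset" and not any("%u" in a for a in argv[1:]):
        findings.append(f"{option}: no %u argument")
    if not os.path.isabs(binary):
        return findings + [f"{option}: {binary} is not an absolute path"]
    try:
        mode = os.stat(binary).st_mode
    except OSError:
        return findings + [f"{option}: {binary} is missing or inaccessible"]
    if not stat.S_ISREG(mode) or not mode & 0o111:
        findings.append(f"{option}: {binary} is not an executable file")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{option}: {binary} is group- or world-writable")
    return findings

def audit(text):
    """Audit every passwd-cmd-* option found in the file text."""
    return [f for opt, cmd in parse_pspasswd(text).items()
            for f in audit_command(opt, cmd)]

if __name__ == "__main__":
    # Constructed sample: the two example lines from this page.
    sample = ('passwd-cmd-reset = "/bin/passwd.bin %u";\n'
              'passwd-cmd-change = "/usr/bin/yppasswd %u";\n')
    for finding in audit(sample) or ["no findings"]:
        print(finding)
```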

Exit status codes

The following table outlines the pspasswd exit status codes:

Table 1. Exit status codes

| Error code | Description |
|---|---|
| 0 | Success. |
| 1 | Syntax error in PSLang override script. |
| 2 | Failed to acquire password policy from remote idpm /pushpass service (using legacy protocol). |
| 3 | Failed to reset password using native command line tool. |
| 4 | Failed to reset password. |