chpasswd
Change passwords in batch for users
TLDR
Change the password for a specific user
Change the passwords for multiple users (The input text must not contain any spaces.)
Change the password for a specific user, and specify it in encrypted form
Change the password for a specific user, and use a specific encryption for the stored password
SYNOPSIS
chpasswd [options]
PARAMETERS
-e
chpasswd accepts encrypted passwords. Default is plain text.
-c algorithm
Use algorithm to encrypt the password. Use 'help' to show supported algorithms.
-m
Modify the password of the current user using stdin
DESCRIPTION
The chpasswd command updates user passwords in batch mode. It reads username:password pairs from standard input. The password can be clear text or, optionally, a hash generated by a hashing algorithm. This command is particularly useful for scripting and automating password changes across multiple accounts or systems. The primary use case is to manage many user passwords from a single script. Passwords are immediately updated in the system's password database, typically /etc/shadow. It's crucial to exercise caution when using chpasswd, especially with clear text passwords, as they can be exposed in command history or logs. Therefore, always ensure that your system is secure and use appropriate password policies. chpasswd leverages PAM (Pluggable Authentication Modules) to authenticate and update user passwords. It allows to utilize of different authentication methods and security configurations depending on the current system configutation.
CAVEATS
Using chpasswd with cleartext passwords is inherently insecure. Consider using stronger password hashing algorithms and encryption to protect sensitive information. Also, ensure your script handles errors gracefully to avoid unintended consequences. Never store clear text passwords in scripts.
SECURITY CONSIDERATIONS
Always prioritize security when using chpasswd. Avoid storing passwords in plaintext. If you must use plaintext, remove them from your script once you are done processing them. Audit password changes regularly to detect any anomalies.
PAM INTEGRATION
chpasswd relies on PAM for authentication and password management. Ensure that PAM is configured correctly to allow chpasswd to function as expected.
Verify PAM configuration by reviewing /etc/pam.d/chpasswd file.
HISTORY
chpasswd has been a standard utility in most Linux distributions for many years. It was primarily developed as a convenient way to automate password management tasks, particularly in environments with a large number of user accounts.