SolarisMisbehavingPassword

How to correct a misbehaving password under Solaris

Overview

You sometimes bump into this problem while attempting to change a password under Solaris:

root@galactus$ passwd oracle
Password:
New Password:
Re-enter new Password:
passwd: System error: repository out of range.
Permission denied

Correcting the problem and changing the password

Use the following passwd option to change the password:

root@galactus$ passwd -r files oracle
Password:
New Password:
Re-enter new Password:
passwd: password successfully changed for oracle

WARNING This procedure is valid for Solaris 10. For Solaris 8, an additional step is to remove the password of the user in the /etc/shadow file. See the shadow man page for more information. Then, do a passwd in the usual way.

How to make a password valid for a longer duration

WARNING This procedure is valid for Solaris 10 only, and hasn't been tested under Solaris 8.

Check the expiration date information of the password

To do this, use the passwd -s option:

root@galactus # passwd -s clone
clone   PS    06/11/08     0   365    21

(In the example shown above, the password for the user clone has already been modified)

Here is a breakdown of the different information returned:

FieldExplanation
cloneAccount name
PSIndicates that a password has been given to the user
06/11/08Date at which the password was created
0Password age in days
365Password age limit
21Password age warning (before password expiration

Change the expiration date of the password

Use the passwd -x option:

root@galactus # passwd -r files -x 365 clone
Password:
passwd: password information changed for clone

As you can guess, the example shown above adds one year to the password validity. This may or may not be acceptable based on the security policies of your site.

See Also: