Unix users can change their Active Directory passwords using vastool or with PAM-enabled system password utilities such as passwd.
You can use vastool passwd to change your password or to reset another user's password.
Follow the prompts to change your password.
vastool -u <administrator> passwd <target user>
For example, to set the user bsmith's password using the administrative user Administrator@example.com:
vastool -u Administrator@example.com passwd bsmith
You must first authenticate as the administrative user, then you can specify a new password for bsmith.
On PAM-enabled systems you can use the system passwd command to change your Active Directory password.
Note: On some systems such as HPUX and Solaris, the /bin/passwd command may not use PAM. In this case you may see output such as:
passwd: Changing password for bsmith Supported configuration for passwd management are as follows: passwd: files passwd: files ldap passwd: files nis passwd: files nisplus passwd: compat passwd: compat AND passwd_compat: ldap OR passwd_compat: nisplus Please check your /etc/nsswitch.conf file Permission denied
If you see this output, you must use the vastool passwd command to change your Active Directory password.
passwd -r files
This instructs the system to change the local password directly rather than using PAM to change the password.
Authentication Services provides a feature called "mapped user" where you can map local Unix user accounts to Active Directory user accounts. Local users retain all of their local Unix attributes such as UID Number and Login Shell, but they authenticate using their Active Directory password. Active Directory password policies are enforced. You can map users by editing configuration files on the Unix host or using Management Console for Unix.
By mapping a local user to an Active Directory account, the user can log in with his Unix user name and Active Directory password.
Note: Active Directory password policies are not enforced on HP-UX systems which do not have PAM requisite support. To prevent users from authenticating with their old system account password after mapping, install the freely available PAM Requisite package provided by HP.