diff options
Diffstat (limited to 'man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml')
| -rw-r--r-- | man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml new file mode 100644 index 0000000..0755e69 --- /dev/null +++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml @@ -0,0 +1,69 @@ +<!-- + Copyright (c) 2007 - 2008, Nicolas François + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the copyright holders or contributors may not be used to + endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +--> +<varlistentry condition="sha_crypt"> + <term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term> + <term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term> + <listitem> + <para> + When <option>ENCRYPT_METHOD</option> is set to + <replaceable>SHA256</replaceable> or + <replaceable>SHA512</replaceable>, this defines the number of SHA + rounds used by the encryption algorithm by default (when the number + of rounds is not specified on the command line). + </para> + <para> + With a lot of rounds, it is more difficult to brute forcing the + password. But note also that more CPU resources will be needed to + authenticate users. + </para> + <para> + If not specified, the libc will choose the default number of rounds + (5000). + </para> + <para> + The values must be inside the 1000-999,999,999 range. + </para> + <para> + If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or + <option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this value + will be used. + </para> + <para> + If <option>SHA_CRYPT_MIN_ROUNDS</option> > + <option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will be + used. + </para> + <para condition="pam"> + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + </para> + </listitem> +</varlistentry> |