diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:58 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:58 +0000 |
| commit | df9860ad11e4d43fe90cd1d10a7fdb19a141c0c6 (patch) | |
| tree | 920e078110651c9937fffc108917f5d5c09b73e0 /debian/login.defs | |
| parent | Merging upstream version 1:4.15.2. (diff) | |
| download | shadow-df9860ad11e4d43fe90cd1d10a7fdb19a141c0c6.tar.xz shadow-df9860ad11e4d43fe90cd1d10a7fdb19a141c0c6.zip | |
Merging debian version 1:4.15.2-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/login.defs')
| -rw-r--r-- | debian/login.defs | 74 |
1 files changed, 2 insertions, 72 deletions
diff --git a/debian/login.defs b/debian/login.defs index 4a5c6ea..9756c44 100644 --- a/debian/login.defs +++ b/debian/login.defs @@ -36,12 +36,6 @@ MAIL_DIR /var/mail #MAIL_FILE .mail # -# Enable logging and display of /var/log/faillog login failure info. -# This option conflicts with the pam_tally PAM module. -# -FAILLOG_ENAB yes - -# # Enable display of unknown usernames when login failures are recorded. # # WARNING: Unknown usernames may become world readable. @@ -73,12 +67,6 @@ SYSLOG_SG_ENAB yes #TTYTYPE_FILE /etc/ttytype # -# If defined, login failures will be logged here in a utmp format -# last, when invoked as lastb, will read /var/log/btmp, so... -# -FTMP_FILE /var/log/btmp - -# # If defined, the command name to display when running "su -". For # example, if this is defined as "su" then a "ps" will display the # command is "-su". If not defined, then "ps" would display the @@ -128,32 +116,15 @@ TTYPERM 0600 # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# UMASK Default "umask" value. # # The ERASECHAR and KILLCHAR are used only on System V machines. # -# UMASK is the default umask value for pam_umask and is used by -# useradd and newusers to set the mode of the new home directories. -# 022 is the "historical" value in Debian for UMASK -# 027, or even 077, could be considered better for privacy -# There is no One True Answer here : each sysadmin must make up his/her -# mind. -# -# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value -# for private user groups, i. e. the uid is the same as gid, and username is -# the same as the primary group name: for these, the user permissions will be -# used as group permissions, e. g. 022 will become 002. -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# ERASECHAR 0177 KILLCHAR 025 -UMASK 022 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new # home directories. -# If HOME_MODE is not set, the value of UMASK is used to create the mode. -#HOME_MODE 0700 +HOME_MODE 0700 # # Password aging controls: @@ -268,17 +239,6 @@ USERGROUPS_ENAB yes #CONSOLE_GROUPS floppy:audio:cdrom # -# If set to "yes", new passwords will be encrypted using the MD5-based -# algorithm compatible with the one used by recent releases of FreeBSD. -# It supports passwords of unlimited length and longer salt strings. -# Set to "no" if you need to copy encrypted passwords to other systems -# which don't understand the new algorithm. Default is "no". -# -# This variable is deprecated. You should use ENCRYPT_METHOD. -# -#MD5_CRYPT_ENAB no - -# # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password @@ -291,37 +251,7 @@ USERGROUPS_ENAB yes # Note: It is recommended to use a value consistent with # the PAM modules configuration. # -ENCRYPT_METHOD SHA512 - -# -# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -# -# Define the number of SHA rounds. -# With a lot of rounds, it is more difficult to brute-force the password. -# However, more CPU resources will be needed to authenticate users if -# this value is increased. -# -# If not specified, the libc will choose the default number of rounds (5000), -# which is orders of magnitude too low for modern hardware. -# The values must be within the 1000-999999999 range. -# If only one of the MIN or MAX values is set, then this value will be used. -# If MIN > MAX, the highest value will be used. -# -#SHA_CRYPT_MIN_ROUNDS 5000 -#SHA_CRYPT_MAX_ROUNDS 5000 - -# -# Only works if ENCRYPT_METHOD is set to YESCRYPT. -# -# Define the YESCRYPT cost factor. -# With a higher cost factor, it is more difficult to brute-force the password. -# However, more CPU time and more memory will be needed to authenticate users -# if this value is increased. -# -# If not specified, a cost factor of 5 will be used. -# The value must be within the 1-11 range. -# -#YESCRYPT_COST_FACTOR 5 +ENCRYPT_METHOD YESCRYPT # # The pwck(8) utility emits a warning for any system account with a home |