Merging upstream version 1:4.15.2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-26 16:18:39 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-26 16:18:39 +0000
commit: 5242eef8fc54636a41701fd9d7083ba6e4a4e0b3 (patch)
tree: e6a0980092957865a937cc0f34446df3d5194e99 /man/chgpasswd.8.xml
parent: Releasing progress-linux version 1:4.13+dfsg1-5~progress7.99u1. (diff)
download: shadow-5242eef8fc54636a41701fd9d7083ba6e4a4e0b3.tar.xz
shadow-5242eef8fc54636a41701fd9d7083ba6e4a4e0b3.zip
1 files changed, 46 insertions, 18 deletions
diff --git a/man/chgpasswd.8.xml b/man/chgpasswd.8.xml
index bd2d117..f4a83c2 100644
--- a/man/chgpasswd.8.xml
+++ b/man/chgpasswd.8.xml
@@ -6,10 +6,12 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
@@ -88,12 +90,16 @@
 	<term><option>-c</option>, <option>--crypt-method</option></term>
 	<listitem>
 	  <para>Use the specified method to encrypt the passwords.</para>
-	  <para condition="no_sha_crypt">
-	    The available methods are DES, MD5, and NONE.
-	  </para>
-	  <para condition="sha_crypt">
-	    The available methods are DES, MD5, NONE, and SHA256 or SHA512
-	    if your libc support these methods.
+	  <para>
+	    The available methods are <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable>,</phrase>
+	    <replaceable>DES</replaceable>,
+	    <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+	    <replaceable>SHA256</replaceable>,
+	    <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+	    <replaceable>YESCRYPT</replaceable></phrase> and
+	    <replaceable>NONE</replaceable>
+	    if your libc supports these methods.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -131,29 +137,49 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry condition="sha_crypt">
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
 	<term><option>-s</option>, <option>--sha-rounds</option></term>
 	<listitem>
 	  <para>
 	    Use the specified number of rounds to encrypt the passwords.
 	  </para>
 	  <para>
-	    The value 0 means that the system will choose the default
-	    number of rounds for the crypt method (5000).
+	    You can only use this option with crypt method:
+	    <phrase condition="bcrypt">
+	    <replaceable>BCRYPT</replaceable></phrase>
+	    <phrase condition="sha_crypt">
+	    <replaceable>SHA256</replaceable>
+	    <replaceable>SHA512</replaceable></phrase>
+	    <phrase condition="yescrypt">
+	    <replaceable>YESCRYPT</replaceable></phrase>
 	  </para>
-	  <para>
-	    A minimal value of 1000 and a maximal value of 999,999,999
-	    will be enforced.
+	  <para condition="bcrypt">
+	    By default, the number of rounds for BCRYPT is defined by the
+	    BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+	    <filename>/etc/login.defs</filename>.
 	  </para>
-	  <para>
-	    You can only use this option with the SHA256 or SHA512
-	    crypt method.
+	  <para condition="bcrypt">
+	    A minimal value of 4 and a maximal value of 31
+	    will be enforced for BCRYPT. The default number of rounds is 13.
 	  </para>
-	  <para>
-	    By default, the number of rounds is defined by the
-	    SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+	  <para condition="sha_crypt">
+	    By default, the number of rounds for SHA256 or SHA512 is defined by
+	    the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
 	    <filename>/etc/login.defs</filename>.
 	  </para>
+	  <para condition="sha_crypt">
+	    A minimal value of 1000 and a maximal value of 999,999,999
+	    will be enforced for SHA256 and SHA512. The default number of rounds
+	    is 5000.
+	  </para>
+	  <para condition="yescrypt">
+	    By default, the number of rounds for YESCRYPT is defined by the
+	    YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+	  </para>
+	  <para condition="yescrypt">
+	    A minimal value of 1 and a maximal value of 11
+	    will be enforced for YESCRYPT. The default number of rounds is 5.
+	  </para>
 	</listitem>
       </varlistentry>
     </variablelist>
@@ -179,10 +205,12 @@
       tool:
     </para>
     <variablelist>
+      &BCRYPT_MIN_ROUNDS; <!--This also document BCRYPT_MAX_ROUNDS-->
       &ENCRYPT_METHOD;
       &MAX_MEMBERS_PER_GROUP;
       &MD5_CRYPT_ENAB;
       &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-26 16:18:39 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-26 16:18:39 +0000
commit	5242eef8fc54636a41701fd9d7083ba6e4a4e0b3 (patch)
tree	e6a0980092957865a937cc0f34446df3d5194e99 /man/chgpasswd.8.xml
parent	Releasing progress-linux version 1:4.13+dfsg1-5~progress7.99u1. (diff)
download	shadow-5242eef8fc54636a41701fd9d7083ba6e4a4e0b3.tar.xz shadow-5242eef8fc54636a41701fd9d7083ba6e4a4e0b3.zip