author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:37 +0000 |
commit | b6b00dd55e035bfbe311a527b567962ffa77ee43 (patch) | |
tree | cafc4d13785448e5a78bd40a51697ee07f07ac12 /man/login.defs.d | |
parent | Adding debian version 1:4.13+dfsg1-5. (diff) | |
download | shadow-b6b00dd55e035bfbe311a527b567962ffa77ee43.tar.xz shadow-b6b00dd55e035bfbe311a527b567962ffa77ee43.zip |
Merging upstream version 1:4.15.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/login.defs.d')
-rw-r--r-- | man/login.defs.d/BCRYPT_MIN_ROUNDS.xml | 40 | ||||
-rw-r--r-- | man/login.defs.d/CONSOLE_GROUPS.xml | 2 | ||||
-rw-r--r-- | man/login.defs.d/ENCRYPT_METHOD.xml | 6 | ||||
-rw-r--r-- | man/login.defs.d/ENV_HZ.xml | 7 | ||||
-rw-r--r-- | man/login.defs.d/PASS_WARN_AGE.xml | 4 | ||||
-rw-r--r-- | man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml | 2 | ||||
-rw-r--r-- | man/login.defs.d/TTYGROUP.xml | 11 | ||||
-rw-r--r-- | man/login.defs.d/YESCRYPT_COST_FACTOR.xml | 29 |
8 files changed, 84 insertions, 17 deletions
diff --git a/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml new file mode 100644 index 0000000..81ee5c9 --- /dev/null +++ b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml @@ -0,0 +1,40 @@ +<!-- + SPDX-FileCopyrightText: 2007 - 2008, Nicolas François + SPDX-License-Identifier: BSD-3-Clause +--> +<varlistentry condition="bcrypt"> + <term><option>BCRYPT_MIN_ROUNDS</option> (number)</term> + <term><option>BCRYPT_MAX_ROUNDS</option> (number)</term> + <listitem> + <para> + When <option>ENCRYPT_METHOD</option> is set to + <replaceable>BCRYPT</replaceable>, this defines the number of + BCRYPT rounds used by the encryption algorithm by default (when the + number of rounds is not specified on the command line). + </para> + <para> + With a lot of rounds, it is more difficult to brute force the + password. But note also that more CPU resources will be needed to + authenticate users. + </para> + <para> + The values must be inside the 4-31 range. + </para> + <para> + If only one of the <option>BCRYPT_MIN_ROUNDS</option> or + <option>BCRYPT_MAX_ROUNDS</option> values is set, then this value + will be used. + </para> + <para> + If <option>BCRYPT_MIN_ROUNDS</option> > + <option>BCRYPT_MAX_ROUNDS</option>, the highest value will be + used. + </para> + <para condition="pam"> + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + </para> + </listitem> +</varlistentry> diff --git a/man/login.defs.d/CONSOLE_GROUPS.xml b/man/login.defs.d/CONSOLE_GROUPS.xml index 0fd874c..1875bc6 100644 --- a/man/login.defs.d/CONSOLE_GROUPS.xml +++ b/man/login.defs.d/CONSOLE_GROUPS.xml 
@@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2007 - 2008, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> -<varlistentry> +<varlistentry condition="no_pam"> <term><option>CONSOLE_GROUPS</option> (string)</term> <listitem> <para> diff --git a/man/login.defs.d/ENCRYPT_METHOD.xml b/man/login.defs.d/ENCRYPT_METHOD.xml index 85dd79b..531ce04 100644 --- a/man/login.defs.d/ENCRYPT_METHOD.xml +++ b/man/login.defs.d/ENCRYPT_METHOD.xml @@ -10,11 +10,13 @@ passwords (if no algorithm are specified on the command line). </para> <para> - It can take one of these values: + It can take one of these values: <phrase condition="bcrypt"> + <replaceable>BCRYPT</replaceable>,</phrase> <replaceable>DES</replaceable> (default), <replaceable>MD5</replaceable><phrase condition="sha_crypt">, <replaceable>SHA256</replaceable>, - <replaceable>SHA512</replaceable></phrase>. + <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">, + <replaceable>YESCRYPT</replaceable></phrase>. MD5 and DES should not be used for new hashes, see <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum> for recommendations. diff --git a/man/login.defs.d/ENV_HZ.xml b/man/login.defs.d/ENV_HZ.xml index daf1752..e1298cb 100644 --- a/man/login.defs.d/ENV_HZ.xml +++ b/man/login.defs.d/ENV_HZ.xml @@ -4,8 +4,7 @@ SPDX-FileCopyrightText: 2007 - 2008, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> -<varlistentry> - <!-- XXX: When compiled with PAM support, only sulogin uses ENV_HZ --> +<varlistentry condition="no_pam"> <term><option>ENV_HZ</option> (string)</term> <listitem> <para> @@ -14,10 +13,6 @@ <replaceable>HZ=</replaceable>. A common value on Linux is <replaceable>HZ=100</replaceable>. </para> - <para condition="pam"> - The <envar>HZ</envar> environment variable is only set when the user - (the superuser) logs in with <command>sulogin</command>. - </para> <!-- TODO: it can in fact be used to set any other variable--> </listitem> </varlistentry> 
diff --git a/man/login.defs.d/PASS_WARN_AGE.xml b/man/login.defs.d/PASS_WARN_AGE.xml index 0feeb7e..f55afaf 100644 --- a/man/login.defs.d/PASS_WARN_AGE.xml +++ b/man/login.defs.d/PASS_WARN_AGE.xml @@ -9,8 +9,8 @@ <listitem> <para> The number of days warning given before a password expires. A zero - means warning is given only upon the day of expiration, a negative - value means no warning is given. If not specified, no warning will + means warning is given only upon the day of expiration, a value of + -1 means no warning is given. If not specified, no warning will be provided. </para> </listitem> diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml index 43972d7..a22c324 100644 --- a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml +++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml @@ -14,7 +14,7 @@ of rounds is not specified on the command line). </para> <para> - With a lot of rounds, it is more difficult to brute forcing the + With a lot of rounds, it is more difficult to brute force the password. But note also that more CPU resources will be needed to authenticate users. </para> diff --git a/man/login.defs.d/TTYGROUP.xml b/man/login.defs.d/TTYGROUP.xml index e7cb53d..8e0a9e8 100644 --- a/man/login.defs.d/TTYGROUP.xml +++ b/man/login.defs.d/TTYGROUP.xml 
@@ -14,15 +14,16 @@ <option>TTYPERM</option>. </para> <para> - By default, the ownership of the terminal is set to the user's - primary group and the permissions are set to - <replaceable>0600</replaceable>. - </para> - <para> <option>TTYGROUP</option> can be either the name of a group or a numeric group identifier. </para> <para> + If TTYGROUP is not defined, then the group ownership of the terminal is + set to the user's primary group. If TTYPERM is not defined, then the + permissions are set to + <replaceable>0600</replaceable>. + </para> + <para> If you have a <command>write</command> program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620. Otherwise leave TTYGROUP diff --git a/man/login.defs.d/YESCRYPT_COST_FACTOR.xml b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml new file mode 100644 index 0000000..b9c5314 --- /dev/null +++ b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml @@ -0,0 +1,29 @@ +<!-- + SPDX-FileCopyrightText: 2007 - 2008, Nicolas François + SPDX-License-Identifier: BSD-3-Clause +--> +<varlistentry condition="yescrypt"> + <term><option>YESCRYPT_COST_FACTOR</option> (number)</term> + <listitem> + <para> + When <option>ENCRYPT_METHOD</option> is set to + <replaceable>YESCRYPT</replaceable>, this defines the cost factor + used by the encryption algorithm by default (when the cost factor + is not specified on the command line). + </para> + <para> + With a high cost factor, it is more difficult to brute force the + password. But note also that more CPU resources will be needed to + authenticate users. + </para> + <para> + The value must be inside the 1-11 range. + </para> + <para condition="pam"> + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + </para> + </listitem> +</varlistentry> |
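Review bot: In man/login.defs.d/BCRYPT_MIN_ROUNDS.xml, the new entry documents the case where only one of the two values is set and the case where BCRYPT_MIN_ROUNDS is greater than BCRYPT_MAX_ROUNDS, but it never says how the round count is chosen when both are set and the minimum is lower than the maximum. That is the configuration an administrator needs to understand to size authentication cost, so please add a sentence for it. Two smaller points in the same hunk: the bare ">" between the two <option> elements would be safer written as "&gt;", and "This only affect the generation of group passwords" should read "affects".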
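Review bot: In the man/login.defs.d/ENCRYPT_METHOD.xml hunk, the value list gains BCRYPT and YESCRYPT while DES keeps its "(default)" label, and the unchanged sentence right after it says MD5 and DES should not be used for new hashes. The paragraph now lists stronger methods next to a default that the same paragraph advises against. Consider adding a sentence that tells administrators to set ENCRYPT_METHOD explicitly rather than rely on the default. The context line "if no algorithm are specified" could be corrected to "is specified" while this paragraph is being edited.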
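Review bot: In the man/login.defs.d/ENV_HZ.xml hunks, the removed comment and the removed <para condition="pam"> both state that with PAM support sulogin still uses ENV_HZ, yet the entry is now wrapped in <varlistentry condition="no_pam"> and so disappears from PAM builds entirely. If sulogin still reads the variable in PAM builds, that behaviour is left undocumented. If it no longer does, the commit message or a comment should say so. Please confirm which applies before dropping the paragraph.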
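Review bot: In the man/login.defs.d/PASS_WARN_AGE.xml hunk, replacing "a negative value means no warning is given" with "a value of -1 means no warning is given" leaves every other negative value undocumented. Please state what happens for values below -1 (treated as -1, rejected, or something else), so that a setting that was valid under the old wording does not silently change meaning for readers of the new page.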
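Review bot: In the man/login.defs.d/TTYGROUP.xml hunk, the added paragraph writes TTYGROUP and TTYPERM as bare text ("If TTYGROUP is not defined", "If TTYPERM is not defined"), while the paragraph just above it uses <option>TTYGROUP</option>. Wrap both names in <option> for consistent rendering. The split of the old sentence into separate group-ownership and permission defaults is clearer than before and reads correctly.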
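Review bot: In man/login.defs.d/YESCRYPT_COST_FACTOR.xml, the entry gives the allowed range ("The value must be inside the 1-11 range") but does not say which cost factor applies when the variable is unset, or what happens to a value outside the range. Both matter to someone auditing the strength of generated hashes, so please document them. As in the BCRYPT entry, "This only affect the generation of group passwords" should read "affects".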