summaryrefslogtreecommitdiffstats
path: root/debian/login.defs
diff options
context:
space:
mode:
Diffstat (limited to 'debian/login.defs')
-rw-r--r--debian/login.defs74
1 files changed, 2 insertions, 72 deletions
diff --git a/debian/login.defs b/debian/login.defs
index 4a5c6ea..9756c44 100644
--- a/debian/login.defs
+++ b/debian/login.defs
@@ -36,12 +36,6 @@ MAIL_DIR /var/mail
#MAIL_FILE .mail
#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB yes
-
-#
# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable.
@@ -73,12 +67,6 @@ SYSLOG_SG_ENAB yes
#TTYTYPE_FILE /etc/ttytype
#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
@@ -128,32 +116,15 @@ TTYPERM 0600
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
-# UMASK is the default umask value for pam_umask and is used by
-# useradd and newusers to set the mode of the new home directories.
-# 022 is the "historical" value in Debian for UMASK
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#
-# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
-# for private user groups, i. e. the uid is the same as gid, and username is
-# the same as the primary group name: for these, the user permissions will be
-# used as group permissions, e. g. 022 will become 002.
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
ERASECHAR 0177
KILLCHAR 025
-UMASK 022
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
-# If HOME_MODE is not set, the value of UMASK is used to create the mode.
-#HOME_MODE 0700
+HOME_MODE 0700
#
# Password aging controls:
@@ -268,17 +239,6 @@ USERGROUPS_ENAB yes
#CONSOLE_GROUPS floppy:audio:cdrom
#
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD.
-#
-#MD5_CRYPT_ENAB no
-
-#
# If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
@@ -291,37 +251,7 @@ USERGROUPS_ENAB yes
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
-ENCRYPT_METHOD SHA512
-
-#
-# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
-#
-# Define the number of SHA rounds.
-# With a lot of rounds, it is more difficult to brute-force the password.
-# However, more CPU resources will be needed to authenticate users if
-# this value is increased.
-#
-# If not specified, the libc will choose the default number of rounds (5000),
-# which is orders of magnitude too low for modern hardware.
-# The values must be within the 1000-999999999 range.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-#
-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
-#
-# Define the YESCRYPT cost factor.
-# With a higher cost factor, it is more difficult to brute-force the password.
-# However, more CPU time and more memory will be needed to authenticate users
-# if this value is increased.
-#
-# If not specified, a cost factor of 5 will be used.
-# The value must be within the 1-11 range.
-#
-#YESCRYPT_COST_FACTOR 5
+ENCRYPT_METHOD YESCRYPT
#
# The pwck(8) utility emits a warning for any system account with a home