diff options
Diffstat (limited to '')
-rw-r--r-- | man/chgpasswd.8.xml | 64 |
1 files changed, 46 insertions, 18 deletions
diff --git a/man/chgpasswd.8.xml b/man/chgpasswd.8.xml index bd2d117..f4a83c2 100644 --- a/man/chgpasswd.8.xml +++ b/man/chgpasswd.8.xml @@ -6,10 +6,12 @@ --> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml"> <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml"> <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml"> <!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml"> <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml"> +<!ENTITY YESCRYPT_COST_FACTOR SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml"> <!-- SHADOW-CONFIG-HERE --> ]> @@ -88,12 +90,16 @@ <term><option>-c</option>, <option>--crypt-method</option></term> <listitem> <para>Use the specified method to encrypt the passwords.</para> - <para condition="no_sha_crypt"> - The available methods are DES, MD5, and NONE. - </para> - <para condition="sha_crypt"> - The available methods are DES, MD5, NONE, and SHA256 or SHA512 - if your libc support these methods. + <para> + The available methods are <phrase condition="bcrypt"> + <replaceable>BCRYPT</replaceable>,</phrase> + <replaceable>DES</replaceable>, + <replaceable>MD5</replaceable><phrase condition="sha_crypt">, + <replaceable>SHA256</replaceable>, + <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">, + <replaceable>YESCRYPT</replaceable></phrase> and + <replaceable>NONE</replaceable> + if your libc supports these methods. </para> </listitem> </varlistentry> @@ -131,29 +137,49 @@ </para> </listitem> </varlistentry> - <varlistentry condition="sha_crypt"> + <varlistentry condition="bcrypt;sha_crypt;yescrypt"> <term><option>-s</option>, <option>--sha-rounds</option></term> <listitem> <para> Use the specified number of rounds to encrypt the passwords. </para> <para> - The value 0 means that the system will choose the default - number of rounds for the crypt method (5000). + You can only use this option with crypt method: + <phrase condition="bcrypt"> + <replaceable>BCRYPT</replaceable></phrase> + <phrase condition="sha_crypt"> + <replaceable>SHA256</replaceable> + <replaceable>SHA512</replaceable></phrase> + <phrase condition="yescrypt"> + <replaceable>YESCRYPT</replaceable></phrase> </para> - <para> - A minimal value of 1000 and a maximal value of 999,999,999 - will be enforced. + <para condition="bcrypt"> + By default, the number of rounds for BCRYPT is defined by the + BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in + <filename>/etc/login.defs</filename>. </para> - <para> - You can only use this option with the SHA256 or SHA512 - crypt method. + <para condition="bcrypt"> + A minimal value of 4 and a maximal value of 31 + will be enforced for BCRYPT. The default number of rounds is 13. </para> - <para> - By default, the number of rounds is defined by the - SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in + <para condition="sha_crypt"> + By default, the number of rounds for SHA256 or SHA512 is defined by + the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</filename>. </para> + <para condition="sha_crypt"> + A minimal value of 1000 and a maximal value of 999,999,999 + will be enforced for SHA256 and SHA512. The default number of rounds + is 5000. + </para> + <para condition="yescrypt"> + By default, the number of rounds for YESCRYPT is defined by the + YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>. + </para> + <para condition="yescrypt"> + A minimal value of 1 and a maximal value of 11 + will be enforced for YESCRYPT. The default number of rounds is 5. + </para> </listitem> </varlistentry> </variablelist> @@ -179,10 +205,12 @@ tool: </para> <variablelist> + &BCRYPT_MIN_ROUNDS; <!--This also document BCRYPT_MAX_ROUNDS--> &ENCRYPT_METHOD; &MAX_MEMBERS_PER_GROUP; &MD5_CRYPT_ENAB; &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS--> + &YESCRYPT_COST_FACTOR; </variablelist> </refsect1> |