Diffstat (limited to 'man/chpasswd.8.xml')
-rw-r--r--man/chpasswd.8.xml80
1 files changed, 61 insertions, 19 deletions
diff --git a/man/chpasswd.8.xml b/man/chpasswd.8.xml
index 6353419..cffd9df 100644
--- a/man/chpasswd.8.xml
+++ b/man/chpasswd.8.xml
@@ -6,9 +6,11 @@
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
<!-- SHADOW-CONFIG-HERE -->
]>
@@ -115,12 +117,16 @@
</term>
<listitem>
<para>Use the specified method to encrypt the passwords.</para>
- <para condition="no_sha_crypt">
- The available methods are DES, MD5, and NONE.
- </para>
- <para condition="sha_crypt">
- The available methods are DES, MD5, NONE, and SHA256 or SHA512
- if your libc support these methods.
+ <para>
+ The available methods are <phrase condition="bcrypt">
+ <replaceable>BCRYPT</replaceable>,</phrase>
+ <replaceable>DES</replaceable>,
+ <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+ <replaceable>SHA256</replaceable>,
+ <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+ <replaceable>YESCRYPT</replaceable></phrase> and
+ <replaceable>NONE</replaceable>
+ if your libc supports these methods.
</para>
<para condition="pam">
By default, PAM is used to encrypt the passwords.
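Review bot: In the rewritten method list, the trailing clause `if your libc supports these methods` now governs every entry, including `DES` and `NONE`, whereas the old text attached it only to SHA256/SHA512. `NONE` is presumably not a libc hashing method at all; if it means the supplied password is stored without hashing, as the name suggests, the paragraph should say so in its own sentence, e.g. `NONE stores the password as supplied, without hashing.` (wording to be confirmed against the implementation). The method names are literal values rather than placeholders, so `<literal>` would fit better than `<replaceable>`. The enclosing `<listitem>` continues outside the hunk.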
@@ -173,7 +179,22 @@
</para>
</listitem>
</varlistentry>
- <varlistentry condition="sha_crypt">
+ <varlistentry>
+ <term>
+ <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Apply changes to configuration files under the root filesystem
+ found under the directory <replaceable>PREFIX_DIR</replaceable>.
+ This option does not chroot and is intended for preparing a cross-compilation
+ target. Some limitations: NIS and LDAP users/groups are
+ not verified. PAM authentication is using the host files.
+ No SELINUX support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="bcrypt;sha_crypt;yescrypt">
<term>
<option>-s</option>, <option>--sha-rounds</option>&nbsp;<replaceable>ROUNDS</replaceable>
</term>
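Review bot: The new `--prefix` paragraph does not say whether `/etc/login.defs` is read from the host or from `PREFIX_DIR`, and that decides which hash method and cost are applied to the target's password entries. It states that PAM uses the host files, so a reader may assume the same for login.defs; one sentence stating which is the case would remove the guess. The limitation sentences could also be tightened, e.g. `PAM authentication uses the host files.` and `SELinux is not supported.`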
@@ -182,23 +203,42 @@
Use the specified number of rounds to encrypt the passwords.
</para>
<para>
- The value 0 means that the system will choose the default
- number of rounds for the crypt method (5000).
+ You can only use this option with crypt method:
+ <phrase condition="bcrypt">
+ <replaceable>BCRYPT</replaceable></phrase>
+ <phrase condition="sha_crypt">
+ <replaceable>SHA256</replaceable>
+ <replaceable>SHA512</replaceable></phrase>
+ <phrase condition="yescrypt">
+ <replaceable>YESCRYPT</replaceable></phrase>
</para>
- <para>
- A minimal value of 1000 and a maximal value of 999,999,999
- will be enforced.
+ <para condition="bcrypt">
+ By default, the number of rounds for BCRYPT is defined by the
+ BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+ <filename>/etc/login.defs</filename>.
</para>
- <para>
- You can only use this option with the SHA256 or SHA512
- crypt method.
+ <para condition="bcrypt">
+ A minimal value of 4 and a maximal value of 31
+ will be enforced for BCRYPT. The default number of rounds is 13.
</para>
- <para>
- By default, the number of rounds is defined by the
- <option>SHA_CRYPT_MIN_ROUNDS</option> and
- <option>SHA_CRYPT_MAX_ROUNDS</option> variables in
+ <para condition="sha_crypt">
+ By default, the number of rounds for SHA256 or SHA512 is defined by
+ the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
<filename>/etc/login.defs</filename>.
</para>
+ <para condition="sha_crypt">
+ A minimal value of 1000 and a maximal value of 999,999,999
+ will be enforced for SHA256 and SHA512. The default number of rounds
+ is 5000.
+ </para>
+ <para condition="yescrypt">
+ By default, the number of rounds for YESCRYPT is defined by the
+ YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+ </para>
+ <para condition="yescrypt">
+ A minimal value of 1 and a maximal value of 11
+ will be enforced for YESCRYPT. The default number of rounds is 5.
+ </para>
</listitem>
</varlistentry>
</variablelist>
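Review bot: The BCRYPT and YESCRYPT paragraphs call the `-s` value a "number of rounds", but their ranges (4 to 31, default 13; 1 to 11, default 5) are on a different scale from the SHA range of 1000 to 999,999,999. For bcrypt the value is a log2 cost exponent, and the YESCRYPT paragraph itself names the setting YESCRYPT_COST_FACTOR. State the unit per method, e.g. `The value is the base-2 logarithm of the iteration count.` for BCRYPT and `cost factor` instead of `number of rounds` for YESCRYPT, so that a value chosen for one method is not carried over to another. In the `You can only use this option with crypt method:` list the names have no separators, and the removed sentence about the value 0 has no replacement; if 0 is still accepted, it should stay documented.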
@@ -224,7 +264,9 @@
&MD5_CRYPT_ENAB;
</variablelist>
<variablelist>
+ &BCRYPT_MIN_ROUNDS; <!--documents also BCRYPT_MAX_ROUNDS-->
&SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS-->
+ &YESCRYPT_COST_FACTOR;
</variablelist>
</refsect1>