diff options
Diffstat (limited to 'man/chpasswd.8.xml')
-rw-r--r-- | man/chpasswd.8.xml | 80 |
1 files changed, 61 insertions, 19 deletions
diff --git a/man/chpasswd.8.xml b/man/chpasswd.8.xml index 6353419..cffd9df 100644 --- a/man/chpasswd.8.xml +++ b/man/chpasswd.8.xml @@ -6,9 +6,11 @@ --> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml"> <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml"> <!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml"> <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml"> +<!ENTITY YESCRYPT_COST_FACTOR SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml"> <!-- SHADOW-CONFIG-HERE --> ]> @@ -115,12 +117,16 @@ </term> <listitem> <para>Use the specified method to encrypt the passwords.</para> - <para condition="no_sha_crypt"> - The available methods are DES, MD5, and NONE. - </para> - <para condition="sha_crypt"> - The available methods are DES, MD5, NONE, and SHA256 or SHA512 - if your libc support these methods. + <para> + The available methods are <phrase condition="bcrypt"> + <replaceable>BCRYPT</replaceable>,</phrase> + <replaceable>DES</replaceable>, + <replaceable>MD5</replaceable><phrase condition="sha_crypt">, + <replaceable>SHA256</replaceable>, + <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">, + <replaceable>YESCRYPT</replaceable></phrase> and + <replaceable>NONE</replaceable> + if your libc supports these methods. </para> <para condition="pam"> By default, PAM is used to encrypt the passwords. @@ -173,7 +179,22 @@ </para> </listitem> </varlistentry> - <varlistentry condition="sha_crypt"> + <varlistentry> + <term> + <option>-P</option>, <option>--prefix</option> <replaceable>PREFIX_DIR</replaceable> + </term> + <listitem> + <para> + Apply changes to configuration files under the root filesystem + found under the directory <replaceable>PREFIX_DIR</replaceable>. + This option does not chroot and is intended for preparing a cross-compilation + target. Some limitations: NIS and LDAP users/groups are + not verified. PAM authentication is using the host files. + No SELINUX support. + </para> + </listitem> + </varlistentry> + <varlistentry condition="bcrypt;sha_crypt;yescrypt"> <term> <option>-s</option>, <option>--sha-rounds</option> <replaceable>ROUNDS</replaceable> </term> @@ -182,23 +203,42 @@ Use the specified number of rounds to encrypt the passwords. </para> <para> - The value 0 means that the system will choose the default - number of rounds for the crypt method (5000). + You can only use this option with crypt method: + <phrase condition="bcrypt"> + <replaceable>BCRYPT</replaceable></phrase> + <phrase condition="sha_crypt"> + <replaceable>SHA256</replaceable> + <replaceable>SHA512</replaceable></phrase> + <phrase condition="yescrypt"> + <replaceable>YESCRYPT</replaceable></phrase> </para> - <para> - A minimal value of 1000 and a maximal value of 999,999,999 - will be enforced. + <para condition="bcrypt"> + By default, the number of rounds for BCRYPT is defined by the + BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in + <filename>/etc/login.defs</filename>. </para> - <para> - You can only use this option with the SHA256 or SHA512 - crypt method. + <para condition="bcrypt"> + A minimal value of 4 and a maximal value of 31 + will be enforced for BCRYPT. The default number of rounds is 13. </para> - <para> - By default, the number of rounds is defined by the - <option>SHA_CRYPT_MIN_ROUNDS</option> and - <option>SHA_CRYPT_MAX_ROUNDS</option> variables in + <para condition="sha_crypt"> + By default, the number of rounds for SHA256 or SHA512 is defined by + the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</filename>. </para> + <para condition="sha_crypt"> + A minimal value of 1000 and a maximal value of 999,999,999 + will be enforced for SHA256 and SHA512. The default number of rounds + is 5000. + </para> + <para condition="yescrypt"> + By default, the number of rounds for YESCRYPT is defined by the + YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>. + </para> + <para condition="yescrypt"> + A minimal value of 1 and a maximal value of 11 + will be enforced for YESCRYPT. The default number of rounds is 5. + </para> </listitem> </varlistentry> </variablelist> @@ -224,7 +264,9 @@ &MD5_CRYPT_ENAB; </variablelist> <variablelist> + &BCRYPT_MIN_ROUNDS; <!--documents also BCRYPT_MAX_ROUNDS--> &SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS--> + &YESCRYPT_COST_FACTOR; </variablelist> </refsect1> |