diff options
Diffstat (limited to 'man/login.defs.d')
| -rw-r--r-- | man/login.defs.d/BCRYPT_MIN_ROUNDS.xml | 40 | ||||
| -rw-r--r-- | man/login.defs.d/CONSOLE_GROUPS.xml | 2 | ||||
| -rw-r--r-- | man/login.defs.d/ENCRYPT_METHOD.xml | 6 | ||||
| -rw-r--r-- | man/login.defs.d/ENV_HZ.xml | 7 | ||||
| -rw-r--r-- | man/login.defs.d/PASS_WARN_AGE.xml | 4 | ||||
| -rw-r--r-- | man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml | 2 | ||||
| -rw-r--r-- | man/login.defs.d/TTYGROUP.xml | 11 | ||||
| -rw-r--r-- | man/login.defs.d/YESCRYPT_COST_FACTOR.xml | 29 |
8 files changed, 84 insertions, 17 deletions
diff --git a/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml new file mode 100644 index 0000000..81ee5c9 --- /dev/null +++ b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml @@ -0,0 +1,40 @@ +<!-- + SPDX-FileCopyrightText: 2007 - 2008, Nicolas François + SPDX-License-Identifier: BSD-3-Clause +--> +<varlistentry condition="bcrypt"> + <term><option>BCRYPT_MIN_ROUNDS</option> (number)</term> + <term><option>BCRYPT_MAX_ROUNDS</option> (number)</term> + <listitem> + <para> + When <option>ENCRYPT_METHOD</option> is set to + <replaceable>BCRYPT</replaceable>, this defines the number of + BCRYPT rounds used by the encryption algorithm by default (when the + number of rounds is not specified on the command line). + </para> + <para> + With a lot of rounds, it is more difficult to brute force the + password. But note also that more CPU resources will be needed to + authenticate users. + </para> + <para> + The values must be inside the 4-31 range. + </para> + <para> + If only one of the <option>BCRYPT_MIN_ROUNDS</option> or + <option>BCRYPT_MAX_ROUNDS</option> values is set, then this value + will be used. + </para> + <para> + If <option>BCRYPT_MIN_ROUNDS</option> > + <option>BCRYPT_MAX_ROUNDS</option>, the highest value will be + used. + </para> + <para condition="pam"> + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + </para> + </listitem> +</varlistentry> diff --git a/man/login.defs.d/CONSOLE_GROUPS.xml b/man/login.defs.d/CONSOLE_GROUPS.xml index 0fd874c..1875bc6 100644 --- a/man/login.defs.d/CONSOLE_GROUPS.xml +++ b/man/login.defs.d/CONSOLE_GROUPS.xml @@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2007 - 2008, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> -<varlistentry> +<varlistentry condition="no_pam"> <term><option>CONSOLE_GROUPS</option> (string)</term> <listitem> <para> diff --git a/man/login.defs.d/ENCRYPT_METHOD.xml b/man/login.defs.d/ENCRYPT_METHOD.xml index 85dd79b..531ce04 100644 --- a/man/login.defs.d/ENCRYPT_METHOD.xml +++ b/man/login.defs.d/ENCRYPT_METHOD.xml @@ -10,11 +10,13 @@ passwords (if no algorithm are specified on the command line). </para> <para> - It can take one of these values: + It can take one of these values: <phrase condition="bcrypt"> + <replaceable>BCRYPT</replaceable>,</phrase> <replaceable>DES</replaceable> (default), <replaceable>MD5</replaceable><phrase condition="sha_crypt">, <replaceable>SHA256</replaceable>, - <replaceable>SHA512</replaceable></phrase>. + <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">, + <replaceable>YESCRYPT</replaceable></phrase>. MD5 and DES should not be used for new hashes, see <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum> for recommendations. diff --git a/man/login.defs.d/ENV_HZ.xml b/man/login.defs.d/ENV_HZ.xml index daf1752..e1298cb 100644 --- a/man/login.defs.d/ENV_HZ.xml +++ b/man/login.defs.d/ENV_HZ.xml @@ -4,8 +4,7 @@ SPDX-FileCopyrightText: 2007 - 2008, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> -<varlistentry> - <!-- XXX: When compiled with PAM support, only sulogin uses ENV_HZ --> +<varlistentry condition="no_pam"> <term><option>ENV_HZ</option> (string)</term> <listitem> <para> @@ -14,10 +13,6 @@ <replaceable>HZ=</replaceable>. A common value on Linux is <replaceable>HZ=100</replaceable>. </para> - <para condition="pam"> - The <envar>HZ</envar> environment variable is only set when the user - (the superuser) logs in with <command>sulogin</command>. - </para> <!-- TODO: it can in fact be used to set any other variable--> </listitem> </varlistentry> diff --git a/man/login.defs.d/PASS_WARN_AGE.xml b/man/login.defs.d/PASS_WARN_AGE.xml index 0feeb7e..f55afaf 100644 --- a/man/login.defs.d/PASS_WARN_AGE.xml +++ b/man/login.defs.d/PASS_WARN_AGE.xml @@ -9,8 +9,8 @@ <listitem> <para> The number of days warning given before a password expires. A zero - means warning is given only upon the day of expiration, a negative - value means no warning is given. If not specified, no warning will + means warning is given only upon the day of expiration, a value of + -1 means no warning is given. If not specified, no warning will be provided. </para> </listitem> diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml index 43972d7..a22c324 100644 --- a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml +++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml @@ -14,7 +14,7 @@ of rounds is not specified on the command line). </para> <para> - With a lot of rounds, it is more difficult to brute forcing the + With a lot of rounds, it is more difficult to brute force the password. But note also that more CPU resources will be needed to authenticate users. </para> diff --git a/man/login.defs.d/TTYGROUP.xml b/man/login.defs.d/TTYGROUP.xml index e7cb53d..8e0a9e8 100644 --- a/man/login.defs.d/TTYGROUP.xml +++ b/man/login.defs.d/TTYGROUP.xml @@ -14,15 +14,16 @@ <option>TTYPERM</option>. </para> <para> - By default, the ownership of the terminal is set to the user's - primary group and the permissions are set to - <replaceable>0600</replaceable>. - </para> - <para> <option>TTYGROUP</option> can be either the name of a group or a numeric group identifier. </para> <para> + If TTYGROUP is not defined, then the group ownership of the terminal is + set to the user's primary group. If TTYPERM is not defined, then the + permissions are set to + <replaceable>0600</replaceable>. + </para> + <para> If you have a <command>write</command> program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620. Otherwise leave TTYGROUP diff --git a/man/login.defs.d/YESCRYPT_COST_FACTOR.xml b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml new file mode 100644 index 0000000..b9c5314 --- /dev/null +++ b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml @@ -0,0 +1,29 @@ +<!-- + SPDX-FileCopyrightText: 2007 - 2008, Nicolas François + SPDX-License-Identifier: BSD-3-Clause +--> +<varlistentry condition="yescrypt"> + <term><option>YESCRYPT_COST_FACTOR</option> (number)</term> + <listitem> + <para> + When <option>ENCRYPT_METHOD</option> is set to + <replaceable>YESCRYPT</replaceable>, this defines the cost factor + used by the encryption algorithm by default (when the cost factor + is not specified on the command line). + </para> + <para> + With a high cost factor, it is more difficult to brute force the + password. But note also that more CPU resources will be needed to + authenticate users. + </para> + <para> + The value must be inside the 1-11 range. + </para> + <para condition="pam"> + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + </para> + </listitem> +</varlistentry> |