summaryrefslogtreecommitdiffstats
path: root/man/passwd.1.xml
diff options
context:
space:
mode:
Diffstat (limited to 'man/passwd.1.xml')
-rw-r--r--man/passwd.1.xml73
1 files changed, 52 insertions, 21 deletions
diff --git a/man/passwd.1.xml b/man/passwd.1.xml
index 52b8637..506b134 100644
--- a/man/passwd.1.xml
+++ b/man/passwd.1.xml
@@ -6,6 +6,7 @@
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
@@ -13,6 +14,7 @@
<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
<!-- SHADOW-CONFIG-HERE -->
]>
<refentry id='passwd.1'>
@@ -94,27 +96,10 @@
</para>
<para>
- Then, the password is tested for complexity. As a general guideline,
- passwords should consist of 6 to 8 characters including one or more
- characters from each of the following sets:
- </para>
-
- <itemizedlist mark='bullet'>
- <listitem>
- <para>lower case alphabetics</para>
- </listitem>
- <listitem>
- <para>digits 0 thru 9</para>
- </listitem>
- <listitem>
- <para>punctuation marks</para>
- </listitem>
- </itemizedlist>
-
- <para>
- Care must be taken not to include the system default erase or kill
- characters. <command>passwd</command> will reject any password which
- is not suitably complex.
+ Then, the password is tested for complexity.
+ <command>passwd</command> will reject any password which is not
+ suitably complex. Care must be taken not to include the system
+ default erase or kill characters.
</para>
</refsect2>
@@ -140,6 +125,17 @@
</para>
<para>
+ As a general guideline, passwords should be long and random. It's
+ fine to use simple character sets, such as passwords consisting
+ only of lowercase letters, if that helps memorizing longer
+ passwords. For a password consisting only of lowercase English
+ letters randomly chosen, and a length of 32, there are 26^32
+ (approximately 2^150) different possible combinations. Being an
+ exponential equation, it's apparent that the exponent (the length)
+ is more important than the base (the size of the character set).
+ </para>
+
+ <para>
You can find advice on how to choose a strong password on
http://en.wikipedia.org/wiki/Password_strength
</para>
@@ -288,6 +284,21 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Apply changes to configuration files under the root filesystem
+ found under the directory <replaceable>PREFIX_DIR</replaceable>.
+ This option does not chroot and is intended for preparing a cross-compilation
+ target. Some limitations: NIS and LDAP users/groups are
+ not verified. PAM authentication is using the host files.
+ No SELINUX support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-S</option>, <option>--status</option>
</term>
<listitem>
@@ -347,6 +358,17 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>-s</option>, <option>--stdin</option>
+ </term>
+ <listitem>
+ <para>
+ This option is used to indicate that passwd should read the new password from standard
+ input, which can be a pipe.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
@@ -474,6 +496,9 @@
<refentrytitle>chpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
+ <refentrytitle>makepasswd</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -488,5 +513,11 @@
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
+
+ <para>
+ The following web page comically (yet correctly) compares the
+ strength of two different methods for choosing a password:
+ "https://xkcd.com/936/"
+ </para>
</refsect1>
</refentry>