From 6c3ea4f47ea280811a7fe53a22f7832e4533c9ec Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 26 Jun 2024 18:18:36 +0200 Subject: Adding upstream version 1:4.15.2. Signed-off-by: Daniel Baumann --- man/login.defs.d/BCRYPT_MIN_ROUNDS.xml | 40 +++++++++++++++++++++++++++++++ man/login.defs.d/CONSOLE_GROUPS.xml | 2 +- man/login.defs.d/ENCRYPT_METHOD.xml | 6 +++-- man/login.defs.d/ENV_HZ.xml | 7 +----- man/login.defs.d/PASS_WARN_AGE.xml | 4 ++-- man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml | 2 +- man/login.defs.d/TTYGROUP.xml | 11 +++++---- man/login.defs.d/YESCRYPT_COST_FACTOR.xml | 29 ++++++++++++++++++++++ 8 files changed, 84 insertions(+), 17 deletions(-) create mode 100644 man/login.defs.d/BCRYPT_MIN_ROUNDS.xml create mode 100644 man/login.defs.d/YESCRYPT_COST_FACTOR.xml (limited to 'man/login.defs.d') diff --git a/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml new file mode 100644 index 0000000..81ee5c9 --- /dev/null +++ b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml @@ -0,0 +1,40 @@ + + + (number) + (number) + + + When is set to + BCRYPT, this defines the number of + BCRYPT rounds used by the encryption algorithm by default (when the + number of rounds is not specified on the command line). + + + With a lot of rounds, it is more difficult to brute force the + password. But note also that more CPU resources will be needed to + authenticate users. + + + The values must be inside the 4-31 range. + + + If only one of the or + values is set, then this value + will be used. + + + If > + , the highest value will be + used. + + + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + + + diff --git a/man/login.defs.d/CONSOLE_GROUPS.xml b/man/login.defs.d/CONSOLE_GROUPS.xml index 0fd874c..1875bc6 100644 --- a/man/login.defs.d/CONSOLE_GROUPS.xml +++ b/man/login.defs.d/CONSOLE_GROUPS.xml @@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2007 - 2008, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> - + (string) diff --git a/man/login.defs.d/ENCRYPT_METHOD.xml b/man/login.defs.d/ENCRYPT_METHOD.xml index 85dd79b..531ce04 100644 --- a/man/login.defs.d/ENCRYPT_METHOD.xml +++ b/man/login.defs.d/ENCRYPT_METHOD.xml @@ -10,11 +10,13 @@ passwords (if no algorithm are specified on the command line). - It can take one of these values: + It can take one of these values: + BCRYPT, DES (default), MD5, SHA256, - SHA512. + SHA512, + YESCRYPT. MD5 and DES should not be used for new hashes, see crypt5 for recommendations. diff --git a/man/login.defs.d/ENV_HZ.xml b/man/login.defs.d/ENV_HZ.xml index daf1752..e1298cb 100644 --- a/man/login.defs.d/ENV_HZ.xml +++ b/man/login.defs.d/ENV_HZ.xml @@ -4,8 +4,7 @@ SPDX-FileCopyrightText: 2007 - 2008, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> - - + (string) @@ -14,10 +13,6 @@ HZ=. A common value on Linux is HZ=100. - - The HZ environment variable is only set when the user - (the superuser) logs in with sulogin. - diff --git a/man/login.defs.d/PASS_WARN_AGE.xml b/man/login.defs.d/PASS_WARN_AGE.xml index 0feeb7e..f55afaf 100644 --- a/man/login.defs.d/PASS_WARN_AGE.xml +++ b/man/login.defs.d/PASS_WARN_AGE.xml @@ -9,8 +9,8 @@ The number of days warning given before a password expires. A zero - means warning is given only upon the day of expiration, a negative - value means no warning is given. If not specified, no warning will + means warning is given only upon the day of expiration, a value of + -1 means no warning is given. If not specified, no warning will be provided. diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml index 43972d7..a22c324 100644 --- a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml +++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml @@ -14,7 +14,7 @@ of rounds is not specified on the command line). - With a lot of rounds, it is more difficult to brute forcing the + With a lot of rounds, it is more difficult to brute force the password. But note also that more CPU resources will be needed to authenticate users. diff --git a/man/login.defs.d/TTYGROUP.xml b/man/login.defs.d/TTYGROUP.xml index e7cb53d..8e0a9e8 100644 --- a/man/login.defs.d/TTYGROUP.xml +++ b/man/login.defs.d/TTYGROUP.xml @@ -13,15 +13,16 @@ group, and the permissions will be set to . - - By default, the ownership of the terminal is set to the user's - primary group and the permissions are set to - 0600. - can be either the name of a group or a numeric group identifier. + + If TTYGROUP is not defined, then the group ownership of the terminal is + set to the user's primary group. If TTYPERM is not defined, then the + permissions are set to + 0600. + If you have a write program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the diff --git a/man/login.defs.d/YESCRYPT_COST_FACTOR.xml b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml new file mode 100644 index 0000000..b9c5314 --- /dev/null +++ b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml @@ -0,0 +1,29 @@ + + + (number) + + + When is set to + YESCRYPT, this defines the cost factor + used by the encryption algorithm by default (when the cost factor + is not specified on the command line). + + + With a high cost factor, it is more difficult to brute force the + password. But note also that more CPU resources will be needed to + authenticate users. + + + The value must be inside the 1-11 range. + + + Note: This only affect the generation of group passwords. + The generation of user passwords is done by PAM and subject to the + PAM configuration. It is recommended to set this variable + consistently with the PAM configuration. + + + -- cgit v1.2.3