]> Julianne Frances Haugh Creation, 1991 Thomas Kłoczko kloczek@pld.org.pl shadow-utils maintainer, 2000 - 2007 Nicolas François nicolas.francois@centraliens.net shadow-utils maintainer, 2007 - now login.defs 5 File Formats and Configuration Files shadow-utils &SHADOW_UTILS_VERSION; login.defs shadow password suite configuration The /etc/login.defs file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation. This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace. Blank lines and comment lines are ignored. Comments are introduced with a "#" pound sign and the pound sign must be the first non-white character of the line. Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the value yes or no. An undefined boolean parameter or one with a value other than these will be given a no value. Numbers (both regular and long) may be either decimal values, octal values (precede the value with 0) or hexadecimal values (precede the value with 0x). The maximum value of the regular and long numeric parameters is machine-dependent. The following configuration items are provided: &CHFN_AUTH; &CHFN_RESTRICT; &CHSH_AUTH; &CONSOLE; &CONSOLE_GROUPS; &CREATE_HOME; &DEFAULT_HOME; &ENCRYPT_METHOD; &ENV_HZ; &ENV_PATH; &ENV_SUPATH; &ENV_TZ; &ENVIRON_FILE; &ERASECHAR; &FAIL_DELAY; &FAILLOG_ENAB; &FAKE_SHELL; &FTMP_FILE; &GID_MAX; &HMAC_CRYPTO_ALGO; &HOME_MODE; &HUSHLOGIN_FILE; &ISSUE_FILE; &KILLCHAR; &LASTLOG_ENAB; &LASTLOG_UID_MAX; &LOG_OK_LOGINS; &LOG_UNKFAIL_ENAB; &LOGIN_RETRIES; &LOGIN_STRING; &LOGIN_TIMEOUT; &MAIL_CHECK_ENAB; &MAIL_DIR; &MAX_MEMBERS_PER_GROUP; &MD5_CRYPT_ENAB; &MOTD_FILE; &NOLOGINS_FILE; &NONEXISTENT; &OBSCURE_CHECKS_ENAB; &PASS_ALWAYS_WARN; &PASS_CHANGE_TRIES; &PASS_MAX_DAYS; &PASS_MIN_DAYS; &PASS_WARN_AGE; PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE are only used at the time of account creation. Any changes to these settings won't affect existing accounts. &PASS_MAX_LEN; &PORTTIME_CHECKS_ENAB; "AS_ENAB; &SHA_CRYPT_MIN_ROUNDS; &SULOG_FILE; &SU_NAME; &SU_WHEEL_ONLY; &SUB_GID_COUNT; &SUB_UID_COUNT; &SYS_GID_MAX; &SYS_UID_MAX; &SYSLOG_SG_ENAB; &SYSLOG_SU_ENAB; &TCB_AUTH_GROUP; &TCB_SYMLINKS; &TTYGROUP; &TTYTYPE_FILE; &UID_MAX; &ULIMIT; &UMASK; &USERDEL_CMD; &USERGROUPS_ENAB; &USE_TCB; The following cross references show which programs in the shadow password suite use which parameters. chage USE_TCB chfn CHFN_AUTH CHFN_RESTRICT LOGIN_STRING chgpasswd ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS chpasswd ENCRYPT_METHOD MD5_CRYPT_ENAB SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS chsh CHSH_AUTH LOGIN_STRING gpasswd ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS groupadd GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN groupdel MAX_MEMBERS_PER_GROUP groupmems MAX_MEMBERS_PER_GROUP groupmod MAX_MEMBERS_PER_GROUP grpck MAX_MEMBERS_PER_GROUP grpconv MAX_MEMBERS_PER_GROUP grpunconv MAX_MEMBERS_PER_GROUP lastlog LASTLOG_UID_MAX login CONSOLE CONSOLE_GROUPS DEFAULT_HOME ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE ERASECHAR FAIL_DELAY FAILLOG_ENAB FAKE_SHELL FTMP_FILE HUSHLOGIN_FILE ISSUE_FILE KILLCHAR LASTLOG_ENAB LASTLOG_UID_MAX LOGIN_RETRIES LOGIN_STRING LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB TTYGROUP TTYPERM TTYTYPE_FILE ULIMIT UMASK USERGROUPS_ENAB newgrp / sg SYSLOG_SG_ENAB newusers ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK passwd ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS pwck PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB pwconv PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE USE_TCB pwunconv USE_TCB su CONSOLE CONSOLE_GROUPS DEFAULT_HOME ENV_HZ ENVIRON_FILE ENV_PATH ENV_SUPATH ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB SULOG_FILE SU_NAME SU_WHEEL_ONLY SYSLOG_SU_ENAB USERGROUPS_ENAB sulogin ENV_HZ ENV_TZ useradd CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK TCB_AUTH_GROUP TCB_SYMLINK USE_TCB userdel MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB TCB_SYMLINKS USE_TCB usermod LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP TCB_SYMLINKS USE_TCB vipw USE_TCB Much of the functionality that used to be provided by the shadow password suite is now handled by PAM. Thus, /etc/login.defs is no longer used by passwd1 , or less used by login1 , and su1 . Please refer to the corresponding PAM configuration files instead. login1 , passwd1 , su1 , passwd5 , shadow5 , pam8 .