shadow/man/login.defs.5.xml


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
<!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
<!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
]>
<refentry id='login.defs.5'>
<!-- $Id$ -->
<refmeta>
<refentrytitle>login.defs</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>login.defs</refname>
<refpurpose>shadow password suite configuration</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <filename>/etc/login.defs</filename> file defines the
site-specific configuration for the shadow password suite. This file
is required. Absence of this file will not prevent system operation,
but will probably result in undesirable operation.
</para>
<para>
This file is a plain text file in which each line describes
one configuration parameter. Each line consists of a configuration name
and value, separated by whitespace. Blank lines and comment lines are
ignored. Comments are introduced with a "#" pound sign, and the pound
sign must be the first non-whitespace character of the line.
</para>
<para>
Parameter values may be of four types: strings, booleans, numbers, and
long numbers. A string consists of any printable characters. A
boolean should be either the value <replaceable>yes</replaceable> or
<replaceable>no</replaceable>. An undefined boolean
parameter or one with a value other than these will be given a
<replaceable>no</replaceable>
value. Numbers (both regular and long) may be either decimal values,
octal values (precede the value with <replaceable>0</replaceable>) or
hexadecimal values
(precede the value with <replaceable>0x</replaceable>).
The maximum value of the regular and
long numeric parameters is machine-dependent.
</para>
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
&CHFN_AUTH;
&CHFN_RESTRICT;
&CHSH_AUTH;
&ENCRYPT_METHOD;
&GID_MAX; <!--document also GID_MIN-->
&LOGIN_STRING;
&MAIL_DIR;
&MAX_MEMBERS_PER_GROUP;
&MD5_CRYPT_ENAB;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
</variablelist>
<para>
<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and
<option>PASS_WARN_AGE</option> are only used at the
time of account creation. Any changes to these settings won't affect
existing accounts.
</para>
<variablelist remap='IP'>
&SHA_CRYPT_MIN_ROUNDS; <!--document also SHA_CRYPT_MAX_ROUNDS-->
&UID_MAX; <!--document also UID_MIN-->
&UMASK;
&USERDEL_CMD;
</variablelist>
</refsect1>
<refsect1 id='cross_references'>
<title>CROSS REFERENCES</title>
<para>
The following cross references show which programs in the shadow
password suite use which parameters.
</para>
<!-- .na -->
<variablelist remap='IP'>
<!-- chage: no variables -->
<varlistentry>
<term>chfn</term>
<listitem>
<para>
<phrase condition="no_pam">CHFN_AUTH</phrase>
CHFN_RESTRICT
<phrase condition="no_pam">LOGIN_STRING</phrase>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>chgpasswd</term>
<listitem>
<para>
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>chpasswd</term>
<listitem>
<para>
ENCRYPT_METHOD MD5_CRYPT_ENAB SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS
</para>
</listitem>
</varlistentry>
<varlistentry condition="no_pam">
<term>chsh</term>
<listitem>
<para>
CHSH_AUTH LOGIN_STRING
</para>
</listitem>
</varlistentry>
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
<term>gpasswd</term>
<listitem>
<para>
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>groupadd</term>
<listitem>
<para>GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP</para>
</listitem>
</varlistentry>
<varlistentry>
<term>groupdel</term>
<listitem>
<para>MAX_MEMBERS_PER_GROUP</para>
</listitem>
</varlistentry>
<varlistentry>
<term>groupmod</term>
<listitem>
<para>MAX_MEMBERS_PER_GROUP</para>
</listitem>
</varlistentry>
<!-- groups: no variables -->
<varlistentry>
<term>grpck</term>
<listitem>
<para>MAX_MEMBERS_PER_GROUP</para>
</listitem>
</varlistentry>
<varlistentry>
<term>grpconv</term>
<listitem>
<para>MAX_MEMBERS_PER_GROUP</para>
</listitem>
</varlistentry>
<varlistentry>
<term>grpunconv</term>
<listitem>
<para>MAX_MEMBERS_PER_GROUP</para>
</listitem>
</varlistentry>
<!-- id: no variables -->
<!-- lastlog: no variables -->
<varlistentry>
<term>login</term>
<listitem>
<para>
CONSOLE CONSOLE_GROUPS DEFAULT_HOME ENV_HZ ENV_PATH ENV_SUPATH
ENV_TZ ENVIRON_FILE ERASECHAR FAIL_DELAY FAILLOG_ENAB
FAKE_SHELL FTMP_FILE HUSHLOGIN_FILE ISSUE_FILE KILLCHAR
LASTLOG_ENAB LOGIN_RETRIES LOGIN_STRING LOGIN_TIMEOUT
LOG_OK_LOGINS LOG_UNKFAIL_ENAB MAIL_CHECK_ENAB MAIL_DIR
MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
QUOTAS_ENAB TTYGROUP TTYPERM TTYTYPE_FILE ULIMIT UMASK
USERGROUPS_ENAB
</para>
</listitem>
</varlistentry>
<!-- logoutd: no variables -->
<varlistentry>
<term>newgrp</term>
<listitem>
<para>
SYSLOG_SG_ENAB
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>newusers</term>
<listitem>
<para>
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SHA_CRYPT_MIN_ROUNDS
UMASK
</para>
</listitem>
</varlistentry>
<!-- nologin: no variables -->
<varlistentry>
<term>passwd</term>
<listitem>
<para>
ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>pwck</term>
<listitem>
<para>
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>pwconv</term>
<listitem>
<para>PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE</para>
</listitem>
</varlistentry>
<!-- pwunconv: no variables -->
<varlistentry>
<term>useradd</term>
<listitem>
<para>
GID_MAX GID_MIN
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
UID_MAX UID_MIN
UMASK
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>userdel</term>
<listitem>
<para>MAIL_DIR
USERDEL_CMD
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>usermod</term>
<listitem>
<para>MAIL_DIR</para>
<!-- .ad -->
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='bugs'>
<title>BUGS</title>
<para>
Much of the functionality that used to be provided by the shadow
password suite is now handled by PAM. Thus,
<filename>/etc/login.defs</filename> is no longer used by programs
such as: <citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>. Please refer to the corresponding PAM configuration
files instead.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
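
The line format and value-typing rules in the DESCRIPTION section above, as an added example that is not the shadow suite's own code. It shows two effects an auditor should expect: a leading 0 makes a number octal, and any boolean value other than yes is read as no. The function names and sample lines are constructed for illustration, values are taken as the rest of the line with no quote handling, and the boolean comparison is assumed to be exact.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 for a "NAME value" line, 0 for a blank or comment line ('#' first non-white). */
int parse_line(const char *line, char *name, size_t nlen, char *value, size_t vlen)
{
    size_t n = 0, v = 0;
    while (isspace((unsigned char)*line)) line++;
    if (*line == '\0' || *line == '#') return 0;
    for (; *line && !isspace((unsigned char)*line); line++)
        if (n + 1 < nlen) name[n++] = *line;
    name[n] = '\0';
    while (isspace((unsigned char)*line)) line++;
    for (; *line; line++)
        if (v + 1 < vlen) value[v++] = *line;
    while (v > 0 && isspace((unsigned char)value[v - 1])) v--; /* drop newline */
    value[v] = '\0';
    return 1;
}

/* Boolean rule: only "yes" is true; undefined (NULL) or any other value is no. */
int as_bool(const char *value) { return value && strcmp(value, "yes") == 0; }

/* Number rule: decimal, octal (leading 0) or hex (leading 0x), as strtol base 0.
 * Returns 1 if the whole value is a number in range; *out is valid only then. */
int as_long(const char *value, long *out)
{
    char *end;
    errno = 0;
    *out = strtol(value, &end, 0);
    return end != value && *end == '\0' && errno != ERANGE;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real system. */
    const char *sample[] = { "# aging\n", "PASS_MAX_DAYS\t90\n", "UMASK 027\n",
                             "UID_MAX 060000\n", "FAILLOG_ENAB true\n" };
    char name[64], value[256];
    long n;
    for (size_t i = 0; i < sizeof sample / sizeof *sample; i++) {
        if (!parse_line(sample[i], name, sizeof name, value, sizeof value)) continue;
        if (as_long(value, &n)) printf("%-14s number %ld\n", name, n);
        else printf("%-14s bool   %s\n", name, as_bool(value) ? "yes" : "no");
    }
    return 0;
}
```

Non-numeric values are shown under the boolean rule purely for the demonstration; a real checker would look up each parameter's documented type first.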