2007-10-07 17:14:08 +05:30
|
|
|
#
|
|
|
|
# /etc/login.defs - Configuration control definitions for the login package.
|
|
|
|
#
|
2007-10-07 17:14:14 +05:30
|
|
|
# $Id: login.defs.hurd,v 1.2 2000/08/26 18:27:10 marekm Exp $
|
2007-10-07 17:14:08 +05:30
|
|
|
#
|
|
|
|
# One item must be defined: MAIL_DIR.
|
|
|
|
# If unspecified, some arbitrary (and possibly incorrect) value will
|
|
|
|
# be assumed. All other items are optional - if not specified then
|
|
|
|
# the described action or option will be inhibited.
|
|
|
|
#
|
|
|
|
# Comment lines (lines beginning with "#") and blank lines are ignored.
|
|
|
|
#
|
|
|
|
# Modified for the Hurd. --brinkmd
|
|
|
|
|
|
|
|
#
|
|
|
|
# Enable additional checks upon password changes.
|
|
|
|
#
|
|
|
|
OBSCURE_CHECKS_ENAB yes
|
|
|
|
|
|
|
|
#
|
|
|
|
# *REQUIRED*
|
|
|
|
# Directory where mailboxes reside, _or_ name of file, relative to the
|
|
|
|
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
|
|
|
# QMAIL_DIR is for Qmail
|
|
|
|
#
|
|
|
|
#QMAIL_DIR Maildir
|
|
|
|
MAIL_DIR /var/spool/mail
|
|
|
|
#MAIL_FILE .mail
|
|
|
|
|
|
|
|
#
|
|
|
|
# Password aging controls:
|
|
|
|
#
|
|
|
|
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
|
|
|
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
|
|
|
# PASS_MIN_LEN Minimum acceptable password length.
|
|
|
|
# PASS_WARN_AGE Number of days warning given before a password expires.
|
|
|
|
#
|
|
|
|
PASS_MAX_DAYS 99999
|
|
|
|
PASS_MIN_DAYS 0
|
|
|
|
PASS_MIN_LEN 5
|
|
|
|
PASS_WARN_AGE 7
|
|
|
|
|
|
|
|
#
|
|
|
|
# If compiled with cracklib support, where are the dictionaries
|
|
|
|
#
|
|
|
|
#CRACKLIB_DICTPATH /usr/lib/passwd/pw_dict
|
|
|
|
|
|
|
|
#
|
|
|
|
# Min/max values for automatic uid selection in useradd
|
|
|
|
#
|
|
|
|
UID_MIN 1000
|
|
|
|
UID_MAX 60000
|
|
|
|
|
|
|
|
#
|
|
|
|
# Min/max values for automatic gid selection in groupadd
|
|
|
|
#
|
|
|
|
GID_MIN 100
|
|
|
|
GID_MAX 60000
|
|
|
|
|
|
|
|
#
|
|
|
|
# Maximum number of attempts to change password if rejected (too easy)
|
|
|
|
#
|
|
|
|
PASS_CHANGE_TRIES 5
|
|
|
|
|
|
|
|
#
|
|
|
|
# Warn about weak passwords (but still allow them) if you are root.
|
|
|
|
#
|
|
|
|
PASS_ALWAYS_WARN yes
|
|
|
|
|
|
|
|
#
|
|
|
|
# Number of significant characters in the password for crypt().
|
|
|
|
# Default is 8, don't change unless your crypt() is better.
|
|
|
|
# Ignored if MD5_CRYPT_ENAB set to "yes".
|
|
|
|
#
|
|
|
|
#PASS_MAX_LEN 8
|
|
|
|
|
|
|
|
#
|
|
|
|
# Require password before chfn/chsh can make any changes.
|
|
|
|
#
|
|
|
|
CHFN_AUTH yes
|
|
|
|
|
|
|
|
#
|
|
|
|
# Which fields may be changed by regular users using chfn - use
|
|
|
|
# any combination of letters "frwh" (full name, room number, work
|
|
|
|
# phone, home phone). If not defined, no changes are allowed.
|
|
|
|
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
|
|
|
#
|
|
|
|
CHFN_RESTRICT rwh
|
|
|
|
|
|
|
|
#
|
|
|
|
# Password prompt (%s will be replaced by user name).
|
|
|
|
#
|
|
|
|
# XXX - it doesn't work correctly yet, for now leave it commented out
|
|
|
|
# to use the default which is just "Password: ".
|
|
|
|
#LOGIN_STRING "%s's Password: "
|
|
|
|
|
|
|
|
#
|
|
|
|
# Only works if compiled with MD5_CRYPT defined:
|
|
|
|
# If set to "yes", new passwords will be encrypted using the MD5-based
|
|
|
|
# algorithm compatible with the one used by recent releases of FreeBSD.
|
|
|
|
# It supports passwords of unlimited length and longer salt strings.
|
|
|
|
# Set to "no" if you need to copy encrypted passwords to other systems
|
|
|
|
# which don't understand the new algorithm. Default is "no".
|
|
|
|
#
|
|
|
|
#MD5_CRYPT_ENAB no
|
|
|
|
|
|
|
|
#
|
|
|
|
# If defined, this command is run when removing a user.
|
|
|
|
# It should remove any at/cron/print jobs etc. owned by
|
|
|
|
# the user to be removed (passed as the first argument).
|
|
|
|
#
|
|
|
|
#USERDEL_CMD /usr/sbin/userdel_local
|
|
|
|
|
|
|
|
#
|
|
|
|
# When prompting for password without echo, getpass() can optionally
|
|
|
|
# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
|
|
|
|
# characters for each character typed. This feature is designed to
|
|
|
|
# confuse people looking over your shoulder when you enter a password :-).
|
|
|
|
# Also, the new getpass() accepts both Backspace (8) and Delete (127)
|
|
|
|
# keys to delete previous character (to cope with different terminal
|
|
|
|
# types), Control-U to delete all characters, and beeps when there are
|
|
|
|
# no more characters to delete, or too many characters entered.
|
|
|
|
#
|
|
|
|
# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
|
|
|
|
# exactly one '*' displayed for each character typed.
|
|
|
|
#
|
|
|
|
# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
|
|
|
|
# Delete, Control-U and beep continue to work as described above).
|
|
|
|
#
|
|
|
|
# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
|
|
|
|
# without any new features. This is the default.
|
|
|
|
#
|
|
|
|
#GETPASS_ASTERISKS 1
|
|
|
|
|
|
|
|
#
|
|
|
|
# Enable setting of the umask group bits to be the same as owner bits
|
|
|
|
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
|
|
|
|
# the same as gid, and username is the same as the primary group name.
|
|
|
|
#
|
2007-10-07 17:14:14 +05:30
|
|
|
# This also enables userdel to remove user groups if no members exist.
|
|
|
|
#
|
2007-10-07 17:14:08 +05:30
|
|
|
USERGROUPS_ENAB yes
|
|
|
|
|