Document the variables used by chpasswd. The definitions are copied from
login.defs. I should try to use a less error prone process for this.
This commit is contained in:
parent
d316ba1b87
commit
f0ccf72107
@ -1,3 +1,9 @@
|
|||||||
|
2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* man/chpasswd.8.xml: Document the variables used by chpasswd.
|
||||||
|
The definitions are copied from login.defs. I should try to use a
|
||||||
|
less error prone process for this.
|
||||||
|
|
||||||
2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
|
2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* man/login.defs.5.xml: Use <replaceable> for the values set by
|
* man/login.defs.5.xml: Use <replaceable> for the values set by
|
||||||
|
@ -128,6 +128,122 @@
|
|||||||
</para>
|
</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1 id='configuration'>
|
||||||
|
<title>CONFIGURATION</title>
|
||||||
|
<para>
|
||||||
|
The following configuration variables in
|
||||||
|
<filename>/etc/login.defs</filename> change the behavior of this
|
||||||
|
tool:
|
||||||
|
</para>
|
||||||
|
<!--********************************************************************
|
||||||
|
** **
|
||||||
|
** Definitions copied from login.def.5.xml **
|
||||||
|
** **
|
||||||
|
********************************************************************-->
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>MD5_CRYPT_ENAB</option> (boolean)</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Indicate if passwords must be encrypted using the MD5-based
|
||||||
|
algorithm. If set to <replaceable>yes</replaceable>, new
|
||||||
|
passwords will be encrypted
|
||||||
|
using the MD5-based algorithm compatible with the one used by
|
||||||
|
recent releases of FreeBSD. It supports passwords of
|
||||||
|
unlimited length and longer salt strings. Set to
|
||||||
|
<replaceable>no</replaceable> if you
|
||||||
|
need to copy encrypted passwords to other systems which don't
|
||||||
|
understand the new algorithm. Default is
|
||||||
|
<replaceable>no</replaceable>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
This variable is superceded by the
|
||||||
|
<option>ENCRYPT_METHOD</option> variable or by any command
|
||||||
|
line option.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
This variable is deprecated. You should use
|
||||||
|
<option>ENCRYPT_METHOD</option>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Note: if you use PAM, it is recommended to set this variable
|
||||||
|
consistently with the PAM modules configuration.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>ENCRYPT_METHOD</option> (string)</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This defines the system default encryption algorithm for
|
||||||
|
encrypting passwords (if no algorithm are specified on the
|
||||||
|
command line).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
It can take one of these values:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para><replaceable>DES</replaceable> (default)</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><replaceable>MD5</replaceable></para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><replaceable>SHA256</replaceable></para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><replaceable>SHA512</replaceable></para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Note: this parameter overrides the
|
||||||
|
<option>MD5_CRYPT_ENAB</option> variable.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Note: if you use PAM, it is recommended to set this variable
|
||||||
|
consistently with the PAM modules configuration.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
|
||||||
|
<term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
When <option>ENCRYPT_METHOD</option> is set to
|
||||||
|
<replaceable>SHA256</replaceable> or
|
||||||
|
<replaceable>SHA512</replaceable>, this defines the number of
|
||||||
|
SHA rounds used by the encryption algorithm by default (when
|
||||||
|
the number of rounds is not specified on the command line).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
With a lot of rounds, it is more difficult to brute forcing
|
||||||
|
the password. But note also that more CPU resources will be
|
||||||
|
needed to authenticate users.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If not specified, the libc will choose the default number of
|
||||||
|
rounds (5000).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The values must be inside the 1000-999999999 range.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or
|
||||||
|
<option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this
|
||||||
|
value will be used.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If <option>SHA_CRYPT_MIN_ROUNDS</option> >
|
||||||
|
<option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will
|
||||||
|
be used.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
<refsect1 id='files'>
|
<refsect1 id='files'>
|
||||||
<title>FILES</title>
|
<title>FILES</title>
|
||||||
<variablelist>
|
<variablelist>
|
||||||
|
Loading…
Reference in New Issue
Block a user