69 lines
2.1 KiB
Plaintext
69 lines
2.1 KiB
Plaintext
|
Read this file first for a brief overview of the new versions of login
|
||
|
and passwd.
|
||
|
|
||
|
|
||
|
---Shadow passwords
|
||
|
|
||
|
The command `shadowconfig on' will turn on shadow password support.
|
||
|
`shadowconfig off' will turn it back off. If you turn on shadow
|
||
|
password support, you'll gain the ability to set password ages and
|
||
|
expirations with chage(1).
|
||
|
|
||
|
You may want to install the secure-su package which allows more
|
||
|
restrictions on su, for example a wheel group.
|
||
|
|
||
|
|
||
|
---General configuration
|
||
|
|
||
|
Most of the configuration for the shadow utilities is in
|
||
|
/etc/login.defs. See login.defs(5). The defaults are quite
|
||
|
reasonable.
|
||
|
|
||
|
|
||
|
---MD5 Encryption
|
||
|
|
||
|
If you set MD5_CRYPT_ENAB=yes in /etc/login.defs, passwords will be
|
||
|
encrypted with an MD5-based algorithm. It also supports of passwords
|
||
|
of unlimited length and longer salt strings.
|
||
|
|
||
|
|
||
|
---Login and resource control
|
||
|
|
||
|
/etc/login.access and /etc/porttime control who may login to which
|
||
|
ports and when they may login. To enforce time restrictions, you'll
|
||
|
need to run logoutd. /etc/init.d/logoutd will start it on bootup if
|
||
|
there are non-comment lines in /etc/portttime.
|
||
|
|
||
|
The lastlog and faillog commands will report the last time a user had
|
||
|
a successful and failed login, respectively.
|
||
|
|
||
|
You may set per-user resource limits by editing /etc/limits. See
|
||
|
limits(5).
|
||
|
|
||
|
|
||
|
---Adding users and groups
|
||
|
|
||
|
Though you may add users and groups with the SysV type commands,
|
||
|
useradd and groupadd, I recommend you add them with Debian adduser
|
||
|
version 3+. adduser gives you more configuration and conforms to the
|
||
|
Debian UID and GID allocation.
|
||
|
|
||
|
Editing user and group parameters can be done with usermod and
|
||
|
groupmod. Removing users and groups can be done with userdel and
|
||
|
groupdel.
|
||
|
|
||
|
|
||
|
--- Group administration
|
||
|
|
||
|
Local group allocation is much easier. With gpasswd(1) you can
|
||
|
designate users to administer groups. They can then securely add or
|
||
|
remove users from the group.
|
||
|
|
||
|
|
||
|
--- What to read next?
|
||
|
|
||
|
Read the manpages, the other files in this directory, and the Shadow
|
||
|
Password HOWTO (included in the doc-linux package). A large portion
|
||
|
of these files deals with getting shadow installed. You can, of
|
||
|
course, ignore those parts.
|