shadow/doc/README.debian

69 lines
2.1 KiB
Plaintext
Raw Normal View History

Read this file first for a brief overview of the new versions of login
and passwd.
---Shadow passwords
The command `shadowconfig on' will turn on shadow password support.
`shadowconfig off' will turn it back off. If you turn on shadow
password support, you'll gain the ability to set password ages and
expirations with chage(1).
You may want to install the secure-su package which allows more
restrictions on su, for example a wheel group.
---General configuration
Most of the configuration for the shadow utilities is in
/etc/login.defs. See login.defs(5). The defaults are quite
reasonable.
---MD5 Encryption
If you set MD5_CRYPT_ENAB=yes in /etc/login.defs, passwords will be
encrypted with an MD5-based algorithm. It also supports of passwords
of unlimited length and longer salt strings.
---Login and resource control
/etc/login.access and /etc/porttime control who may login to which
ports and when they may login. To enforce time restrictions, you'll
need to run logoutd. /etc/init.d/logoutd will start it on bootup if
there are non-comment lines in /etc/portttime.
The lastlog and faillog commands will report the last time a user had
a successful and failed login, respectively.
You may set per-user resource limits by editing /etc/limits. See
limits(5).
---Adding users and groups
Though you may add users and groups with the SysV type commands,
useradd and groupadd, I recommend you add them with Debian adduser
version 3+. adduser gives you more configuration and conforms to the
Debian UID and GID allocation.
Editing user and group parameters can be done with usermod and
groupmod. Removing users and groups can be done with userdel and
groupdel.
--- Group administration
Local group allocation is much easier. With gpasswd(1) you can
designate users to administer groups. They can then securely add or
remove users from the group.
--- What to read next?
Read the manpages, the other files in this directory, and the Shadow
Password HOWTO (included in the doc-linux package). A large portion
of these files deals with getting shadow installed. You can, of
course, ignore those parts.