* man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING.

* man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING.
* man/expiry.1.xml: Does not use any login.defs parameter.
* man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS.
* man/login.defs.5.xml: Added CHSH_AUTH.
* man/login.defs.5.xml: Cross reference -> cross references.
* man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam.
* man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH.
* man/login.defs.d/CHSH_AUTH.xml: Added.
* man/login.defs.5.xml: chsh uses parameters only when no_pam.
* man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even
  if linked in the binary.
* man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE,
  SHA_CRYPT_MIN_ROUNDS, UMASK.
nekral-guest 2007-11-26 23:27:56 +00:00
parent 7fd329721a
commit 0f7f0ea467
11 changed files with 180 additions and 122 deletions

@ -1,3 +1,26 @@
2007-11-27 Nicolas François <nicolas.francois@centraliens.net>
* man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING.
* man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD,
MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING.
* man/expiry.1.xml: Does not use any login.defs parameter.
* man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS.
* man/login.defs.5.xml: Added CHSH_AUTH.
* man/login.defs.5.xml: Cross reference -> cross references.
* man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam.
* man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH.
* man/login.defs.d/CHSH_AUTH.xml: Added.
* man/login.defs.5.xml: chsh uses parameters only when no_pam.
* man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even
if linked in the binary.
* man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE,
SHA_CRYPT_MIN_ROUNDS, UMASK.
2007-11-26 Nicolas François <nicolas.francois@centraliens.net>
* man/generate_translations.mak, man/po/Makefile.in.in: Add
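
Review bot: The 2007-11-27 entry has no line for the CHFN_AUTH definition file (login.defs.d/CHFN_AUTH.xml per the entity declarations), although this commit changes it: its `<varlistentry>` gains condition="no_pam" and the mention of chsh is dropped. Only the new CHSH_AUTH.xml is listed, so add an entry for CHFN_AUTH.xml as well. The gpasswd and newusers lines also omit the "(SHA_CRYPT_MAX_ROUNDS)" remark that the chgpasswd and chpasswd lines carry, even though all four pages pull in the same SHA_CRYPT_MIN_ROUNDS entity.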

@ -1,4 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
]>
<refentry id='chfn.1'>
<!-- $Id$ -->
<refmeta>
@ -56,6 +63,20 @@
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&CHFN_AUTH;
&CHFN_RESTRICT;
&LOGIN_STRING;
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
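
Review bot: &CHFN_AUTH; and &LOGIN_STRING; are listed in this new CONFIGURATION section without any condition, while the login.defs.5 cross references changed in the same commit wrap both in `<phrase condition="no_pam">` for chfn. CHFN_AUTH.xml now carries condition="no_pam" on its own `<varlistentry>`, so that entry is filtered in a PAM build, but nothing in this diff shows the same for LOGIN_STRING.xml. If that file is unconditional, the PAM build of chfn(1) will document a variable chfn does not read there; confirm the entity file is conditional or guard the reference here.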

@ -1,4 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
]>
<refentry id='chgpasswd.8'>
<!-- $Id$ -->
<refmeta>
@ -121,6 +129,21 @@
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&ENCRYPT_METHOD;
&MAX_MEMBERS_PER_GROUP;
&MD5_CRYPT_ENAB;
&SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
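
Review bot: Style, on the comment after &SHA_CRYPT_MIN_ROUNDS;: "This also document" should read "This also documents". The same remark is worded three ways in this commit ("This also document SHA_CRYPT_MAX_ROUNDS" here and in the gpasswd and newusers hunks, "documents also SHA_CRYPT_MAX_ROUNDS" in chpasswd, "document also GID_MIN" in login.defs.5). One wording throughout would let a single search find every entity that covers two variables.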

@ -1,4 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
]>
<refentry id='chpasswd.8'>
<!-- $Id$ -->
<refmeta>
@ -135,112 +142,10 @@
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<!--********************************************************************
** **
** Definitions copied from login.def.5.xml **
** **
********************************************************************-->
<variablelist>
<varlistentry>
<term><option>MD5_CRYPT_ENAB</option> (boolean)</term>
<listitem>
<para>
Indicate if passwords must be encrypted using the MD5-based
algorithm. If set to <replaceable>yes</replaceable>, new
passwords will be encrypted
using the MD5-based algorithm compatible with the one used by
recent releases of FreeBSD. It supports passwords of
unlimited length and longer salt strings. Set to
<replaceable>no</replaceable> if you
need to copy encrypted passwords to other systems which don't
understand the new algorithm. Default is
<replaceable>no</replaceable>.
</para>
<para>
This variable is superceded by the
<option>ENCRYPT_METHOD</option> variable or by any command
line option.
</para>
<para>
This variable is deprecated. You should use
<option>ENCRYPT_METHOD</option>.
</para>
<para>
Note: if you use PAM, it is recommended to set this variable
consistently with the PAM modules configuration.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>ENCRYPT_METHOD</option> (string)</term>
<listitem>
<para>
This defines the system default encryption algorithm for
encrypting passwords (if no algorithm are specified on the
command line).
</para>
<para>
It can take one of these values:
<itemizedlist>
<listitem>
<para><replaceable>DES</replaceable> (default)</para>
</listitem>
<listitem>
<para><replaceable>MD5</replaceable></para>
</listitem>
<listitem>
<para><replaceable>SHA256</replaceable></para>
</listitem>
<listitem>
<para><replaceable>SHA512</replaceable></para>
</listitem>
</itemizedlist>
</para>
<para>
Note: this parameter overrides the
<option>MD5_CRYPT_ENAB</option> variable.
</para>
<para>
Note: if you use PAM, it is recommended to set this variable
consistently with the PAM modules configuration.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
<term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
<listitem>
<para>
When <option>ENCRYPT_METHOD</option> is set to
<replaceable>SHA256</replaceable> or
<replaceable>SHA512</replaceable>, this defines the number of
SHA rounds used by the encryption algorithm by default (when
the number of rounds is not specified on the command line).
</para>
<para>
With a lot of rounds, it is more difficult to brute forcing
the password. But note also that more CPU resources will be
needed to authenticate users.
</para>
<para>
If not specified, the libc will choose the default number of
rounds (5000).
</para>
<para>
The values must be inside the 1000-999999999 range.
</para>
<para>
If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or
<option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this
value will be used.
</para>
<para>
If <option>SHA_CRYPT_MIN_ROUNDS</option> &gt;
<option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will
be used.
</para>
</listitem>
</varlistentry>
&ENCRYPT_METHOD;
&MD5_CRYPT_ENAB;
&SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS-->
</variablelist>
</refsect1>
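
Review bot: Nothing in this diff shows that login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml, ENCRYPT_METHOD.xml and MD5_CRYPT_ENAB.xml carry the same text as the inline entries dropped from this hunk, because none of those three files is touched here. Before merging, check in particular that the shared SHA_CRYPT_MIN_ROUNDS entry keeps the second `<term>` for SHA_CRYPT_MAX_ROUNDS, the 1000-999999999 range, the libc default of 5000 rounds and the rule for MIN greater than MAX, and that the "if you use PAM" consistency notes survive in the other two. The inline copy also had wording slips ("superceded", "if no algorithm are specified", "more difficult to brute forcing"); worth confirming the shared files do not repeat them.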

@ -1,4 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
]>
<refentry id='chsh.1'>
<!-- $Id$ -->
<refmeta>
@ -81,6 +87,19 @@
</para>
</refsect1>
<refsect1 id='configuration' condition="no_pam">
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&CHSH_AUTH;
&LOGIN_STRING;
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>

@ -1,4 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!--ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml"-->
<!-- A call to CONSOLE_GROUPS is linked, but not used -->
]>
<refentry id='expiry.1'>
<!-- $Id$ -->
<refmeta>
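
Review bot: The internal DTD subset added to this DOCTYPE holds only two comments, one of them a commented-out ENTITY declaration for CONSOLE_GROUPS. Since the page documents no login.defs variable, the original two-line DOCTYPE would do. If the remark is worth keeping, a single comment saying that CONSOLE_GROUPS is linked into the binary but not used is clearer than "A call to CONSOLE_GROUPS is linked", and login.defs.5 already records the same fact in its cross references.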

@ -1,4 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
]>
<refentry id='gpasswd.1'>
<!-- $Id$ -->
<refmeta>
@ -174,6 +182,21 @@
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&ENCRYPT_METHOD;
&MAX_MEMBERS_PER_GROUP;
&MD5_CRYPT_ENAB;
&SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>

@ -3,6 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
@ -67,6 +68,7 @@
<variablelist remap='IP'>
&CHFN_AUTH;
&CHFN_RESTRICT;
&CHSH_AUTH;
&ENCRYPT_METHOD;
&GID_MAX; <!--document also GID_MIN-->
&LOGIN_STRING;
@ -91,10 +93,10 @@
</variablelist>
</refsect1>
<refsect1 id='cross_reference'>
<title>CROSS REFERENCE</title>
<refsect1 id='cross_references'>
<title>CROSS REFERENCES</title>
<para>
The following cross reference shows which programs in the shadow
The following cross references show which programs in the shadow
password suite use which parameters.
</para>
<!-- .na -->
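
Review bot: Renaming the section id from 'cross_reference' to 'cross_references' breaks any link that still targets the old id, and no other file in this commit is adjusted for it. Check the other man page sources and the translations for references to 'cross_reference' before merging, or keep the id and change only the `<title>` and the sentence below it.
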
@ -104,7 +106,8 @@
<term>chfn</term>
<listitem>
<para>
CHFN_AUTH CHFN_RESTRICT
<phrase condition="no_pam">CHFN_AUTH</phrase>
CHFN_RESTRICT
<phrase condition="no_pam">LOGIN_STRING</phrase>
</para>
</listitem>
@ -127,21 +130,15 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry condition="no_pam">
<term>chsh</term>
<listitem>
<para>
CHFN_AUTH
<phrase condition="no_pam">LOGIN_STRING</phrase>
CHSH_AUTH LOGIN_STRING
</para>
</listitem>
</varlistentry>
<varlistentry condition="no_pam">
<term>expiry</term>
<listitem>
<para>CONSOLE_GROUPS</para>
</listitem>
</varlistentry>
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
<term>gpasswd</term>

@ -1,10 +1,10 @@
<varlistentry>
<varlistentry condition="no_pam">
<term><option>CHFN_AUTH</option> (boolean)</term>
<listitem>
<para>
If <replaceable>yes</replaceable>, the <command>chfn</command> and
<command>chsh</command> programs will require authentication before
making any changes, unless run by the superuser.
If <replaceable>yes</replaceable>, the <command>chfn</command>
program will require authentication before making any changes,
unless run by the superuser.
</para>
</listitem>
</varlistentry>
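
Review bot: The reworded paragraph drops chsh from CHFN_AUTH without pointing the reader to CHSH_AUTH. An administrator who set CHFN_AUTH on the strength of the earlier wording, expecting it to force authentication in chsh too, gets no hint from this entry that a separate variable now documents that. One sentence here referring to CHSH_AUTH for chsh would close the gap.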

@ -0,0 +1,10 @@
<varlistentry condition="no_pam">
<term><option>CHSH_AUTH</option> (boolean)</term>
<listitem>
<para>
If <replaceable>yes</replaceable>, the <command>chsh</command>
program will require authentication before making any changes,
unless run by the superuser.
</para>
</listitem>
</varlistentry>
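
Review bot: The new CHSH_AUTH entry says what happens when the value is <replaceable>yes</replaceable> but not what chsh does when the variable is unset or set to no. For a setting that decides whether authentication is required, the default belongs in the entry; add it to the `<para>`, and to the CHFN_AUTH entry this text was copied from, which has the same omission.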

@ -1,4 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
]>
<refentry id='newusers.8'>
<!-- $Id$ -->
<refmeta>
@ -92,6 +104,25 @@
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&ENCRYPT_METHOD;
&MAX_MEMBERS_PER_GROUP;
&MD5_CRYPT_ENAB;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
&SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
&UMASK;
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>