# # /etc/login.defs - Configuration control definitions for the login package. # # $Id: login.defs.hurd,v 1.1 1999/08/27 19:02:50 marekm Exp $ # # One item must be defined: MAIL_DIR. # If unspecified, some arbitrary (and possibly incorrect) value will # be assumed. All other items are optional - if not specified then # the described action or option will be inhibited. # # Comment lines (lines beginning with "#") and blank lines are ignored. # # Modified for the Hurd. --brinkmd # # Enable additional checks upon password changes. # OBSCURE_CHECKS_ENAB yes # # *REQUIRED* # Directory where mailboxes reside, _or_ name of file, relative to the # home directory. If you _do_ define both, MAIL_DIR takes precedence. # QMAIL_DIR is for Qmail # #QMAIL_DIR Maildir MAIL_DIR /var/spool/mail #MAIL_FILE .mail # # Password aging controls: # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_LEN Minimum acceptable password length. # PASS_WARN_AGE Number of days warning given before a password expires. # PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7 # # If compiled with cracklib support, where are the dictionaries # #CRACKLIB_DICTPATH /usr/lib/passwd/pw_dict # # Min/max values for automatic uid selection in useradd # UID_MIN 1000 UID_MAX 60000 # # Min/max values for automatic gid selection in groupadd # GID_MIN 100 GID_MAX 60000 # # Maximum number of attempts to change password if rejected (too easy) # PASS_CHANGE_TRIES 5 # # Warn about weak passwords (but still allow them) if you are root. # PASS_ALWAYS_WARN yes # # Number of significant characters in the password for crypt(). # Default is 8, don't change unless your crypt() is better. # Ignored if MD5_CRYPT_ENAB set to "yes". # #PASS_MAX_LEN 8 # # Require password before chfn/chsh can make any changes. # CHFN_AUTH yes # # Which fields may be changed by regular users using chfn - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. # For backward compatibility, "yes" = "rwh" and "no" = "frwh". # CHFN_RESTRICT rwh # # Password prompt (%s will be replaced by user name). # # XXX - it doesn't work correctly yet, for now leave it commented out # to use the default which is just "Password: ". #LOGIN_STRING "%s's Password: " # # Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. # Set to "no" if you need to copy encrypted passwords to other systems # which don't understand the new algorithm. Default is "no". # #MD5_CRYPT_ENAB no # # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). # #USERDEL_CMD /usr/sbin/userdel_local # # When prompting for password without echo, getpass() can optionally # display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' # characters for each character typed. This feature is designed to # confuse people looking over your shoulder when you enter a password :-). # Also, the new getpass() accepts both Backspace (8) and Delete (127) # keys to delete previous character (to cope with different terminal # types), Control-U to delete all characters, and beeps when there are # no more characters to delete, or too many characters entered. # # Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - # exactly one '*' displayed for each character typed. # # Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, # Delete, Control-U and beep continue to work as described above). # # Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() # without any new features. This is the default. # #GETPASS_ASTERISKS 1 # # Enable setting of the umask group bits to be the same as owner bits # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. # USERGROUPS_ENAB yes