0f7f0ea467
* man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP, MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS). * man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD, MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS). * man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING. * man/expiry.1.xml: Does not use any login.defs parameter. * man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP, MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS. * man/login.defs.5.xml: Added CHSH_AUTH. * man/login.defs.5.xml: Cross reference -> cross references. * man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam. * man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH. * man/login.defs.d/CHSH_AUTH.xml: Added. * man/login.defs.5.xml: chsh uses parameters only when no_pam. * man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even if linked in the binary. * man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP, MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE, SHA_CRYPT_MIN_ROUNDS, UMASK.
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
|
|
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
|
|
<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
|
|
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
|
|
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
|
|
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
|
|
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
|
|
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
|
|
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
|
|
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
|
|
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
|
|
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
|
|
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
|
|
<!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
|
|
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
|
|
<!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
|
|
]>
|
|
|
|
<refentry id='login.defs.5'>
|
|
<!-- $Id$ -->
|
|
<refmeta>
|
|
<refentrytitle>login.defs</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>login.defs</refname>
|
|
<refpurpose>shadow password suite configuration</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>
|
|
The <filename>/etc/login.defs</filename> file defines the
|
|
site-specific configuration for the shadow password suite. This file
|
|
is required. Absence of this file will not prevent system operation,
|
|
but will probably result in undesirable operation.
|
|
</para>
|
|
|
|
<para>
This file is a readable text file, each line of the file describing
one configuration parameter. Each line consists of a configuration name
and a value, separated by whitespace. Blank lines and comment lines are
ignored. A comment is introduced with a pound sign ("#"), which
must be the first non-whitespace character of the line.
</para>
|
|
|
|
<para>
Parameter values may be of four types: strings, booleans, numbers, and
long numbers. A string consists of any printable characters. A
boolean should be either the value <replaceable>yes</replaceable> or
<replaceable>no</replaceable>. A boolean parameter that is undefined,
or whose value is anything other than these two, is treated as
<replaceable>no</replaceable>.
Numbers (both regular and long) may be either decimal values,
octal values (precede the value with <replaceable>0</replaceable>) or
hexadecimal values
(precede the value with <replaceable>0x</replaceable>).
The maximum value of the regular and
long numeric parameters is machine-dependent.
</para>
|
|
|
|
<para>The following configuration items are provided:</para>
|
|
|
|
<variablelist remap='IP'>
|
|
&CHFN_AUTH;
|
|
&CHFN_RESTRICT;
|
|
&CHSH_AUTH;
|
|
&ENCRYPT_METHOD;
|
|
&GID_MAX; <!--document also GID_MIN-->
|
|
&LOGIN_STRING;
|
|
&MAIL_DIR;
|
|
&MAX_MEMBERS_PER_GROUP;
|
|
&MD5_CRYPT_ENAB;
|
|
&PASS_MAX_DAYS;
|
|
&PASS_MIN_DAYS;
|
|
&PASS_WARN_AGE;
|
|
</variablelist>
|
|
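<para>
<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and
<option>PASS_WARN_AGE</option> are only used at the
time of account creation. Any changes to these settings won't affect
existing accounts. To change the password aging of an existing
account, use <citerefentry>
<refentrytitle>chage</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>.
</para>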
|
|
<variablelist remap='IP'>
|
|
&SHA_CRYPT_MIN_ROUNDS; <!--document also SHA_CRYPT_MAX_ROUNDS-->
|
|
&UID_MAX; <!--document also UID_MIN-->
|
|
&UMASK;
|
|
&USERDEL_CMD;
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='cross_references'>
|
|
<title>CROSS REFERENCES</title>
|
|
<para>
|
|
The following cross references show which programs in the shadow
|
|
password suite use which parameters.
|
|
</para>
|
|
<!-- .na -->
|
|
<variablelist remap='IP'>
|
|
<!-- chage: no variables -->
|
|
<varlistentry>
|
|
<term>chfn</term>
|
|
<listitem>
|
|
<para>
|
|
<phrase condition="no_pam">CHFN_AUTH</phrase>
|
|
CHFN_RESTRICT
|
|
<phrase condition="no_pam">LOGIN_STRING</phrase>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>chgpasswd</term>
|
|
<listitem>
|
|
<para>
|
|
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
|
|
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>chpasswd</term>
|
|
<listitem>
|
|
<para>
|
|
ENCRYPT_METHOD MD5_CRYPT_ENAB SHA_CRYPT_MAX_ROUNDS
|
|
SHA_CRYPT_MIN_ROUNDS
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry condition="no_pam">
|
|
<term>chsh</term>
|
|
<listitem>
|
|
<para>
|
|
CHSH_AUTH LOGIN_STRING
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
|
|
<!-- faillog: no variables -->
|
|
<varlistentry>
|
|
<term>gpasswd</term>
|
|
<listitem>
|
|
<para>
|
|
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
|
|
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>groupadd</term>
|
|
<listitem>
|
|
<para>GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>groupdel</term>
|
|
<listitem>
|
|
<para>MAX_MEMBERS_PER_GROUP</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>groupmod</term>
|
|
<listitem>
|
|
<para>MAX_MEMBERS_PER_GROUP</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<!-- groups: no variables -->
|
|
<varlistentry>
|
|
<term>grpck</term>
|
|
<listitem>
|
|
<para>MAX_MEMBERS_PER_GROUP</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>grpconv</term>
|
|
<listitem>
|
|
<para>MAX_MEMBERS_PER_GROUP</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>grpunconv</term>
|
|
<listitem>
|
|
<para>MAX_MEMBERS_PER_GROUP</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<!-- id: no variables -->
|
|
<!-- lastlog: no variables -->
|
|
<varlistentry>
|
|
<term>login</term>
|
|
<listitem>
|
|
<para>
|
|
CONSOLE CONSOLE_GROUPS DEFAULT_HOME ENV_HZ ENV_PATH ENV_SUPATH
|
|
ENV_TZ ENVIRON_FILE ERASECHAR FAIL_DELAY FAILLOG_ENAB
|
|
FAKE_SHELL FTMP_FILE HUSHLOGIN_FILE ISSUE_FILE KILLCHAR
|
|
LASTLOG_ENAB LOGIN_RETRIES LOGIN_STRING LOGIN_TIMEOUT
|
|
LOG_OK_LOGINS LOG_UNKFAIL_ENAB MAIL_CHECK_ENAB MAIL_DIR
|
|
MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
|
|
QUOTAS_ENAB TTYGROUP TTYPERM TTYTYPE_FILE ULIMIT UMASK
|
|
USERGROUPS_ENAB
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<!-- logoutd: no variables -->
|
|
<varlistentry>
|
|
<term>newgrp</term>
|
|
<listitem>
|
|
<para>
|
|
SYSLOG_SG_ENAB
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>newusers</term>
|
|
<listitem>
|
|
<para>
|
|
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SHA_CRYPT_MIN_ROUNDS
|
|
UMASK
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<!-- nologin: no variables -->
|
|
<varlistentry>
|
|
<term>passwd</term>
|
|
<listitem>
|
|
<para>
|
|
ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
|
|
PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
|
|
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>pwck</term>
|
|
<listitem>
|
|
<para>
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>pwconv</term>
|
|
<listitem>
|
|
<para>PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<!-- pwunconv: no variables -->
|
|
<varlistentry>
|
|
<term>useradd</term>
|
|
<listitem>
|
|
<para>
|
|
GID_MAX GID_MIN
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
UID_MAX UID_MIN
|
|
UMASK
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>userdel</term>
|
|
<listitem>
|
|
<para>MAIL_DIR
|
|
USERDEL_CMD
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>usermod</term>
|
|
<listitem>
|
|
<para>MAIL_DIR</para>
|
|
<!-- .ad -->
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='bugs'>
|
|
<title>BUGS</title>
|
|
<para>
Much of the functionality that used to be provided by the shadow
password suite is now handled by PAM. Thus,
<filename>/etc/login.defs</filename> is no longer used by programs
such as: <citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>. A parameter that such a program no longer reads has
no effect when set in this file. Please refer to the corresponding PAM
configuration files instead.
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|