3f649c5504
man/login.defs.d/MD5_CRYPT_ENAB.xml, man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM enabled versions. These variables are only used for group passwords in this case.
70 lines
3.0 KiB
XML
70 lines
3.0 KiB
XML
<!--
|
|
Copyright (c) 2007 - 2008, Nicolas François
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
3. The name of the copyright holders or contributors may not be used to
|
|
endorse or promote products derived from this software without
|
|
specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
-->
|
|
<varlistentry condition="sha_crypt">
|
|
<term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
|
|
<term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
|
|
<listitem>
|
|
<para>
|
|
When <option>ENCRYPT_METHOD</option> is set to
|
|
<replaceable>SHA256</replaceable> or
|
|
<replaceable>SHA512</replaceable>, this defines the number of SHA
|
|
rounds used by the encryption algorithm by default (when the number
|
|
of rounds is not specified on the command line).
|
|
</para>
|
|
<para>
|
|
With a lot of rounds, it is more difficult to brute forcing the
|
|
password. But note also that more CPU resources will be needed to
|
|
authenticate users.
|
|
</para>
|
|
<para>
|
|
If not specified, the libc will choose the default number of rounds
|
|
(5000).
|
|
</para>
|
|
<para>
|
|
The values must be inside the 1000-999999999 range.
|
|
</para>
|
|
<para>
|
|
If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or
|
|
<option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this value
|
|
will be used.
|
|
</para>
|
|
<para>
|
|
If <option>SHA_CRYPT_MIN_ROUNDS</option> >
|
|
<option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will be
|
|
used.
|
|
</para>
|
|
<para condition="pam">
|
|
Note: This only affect the generation of group passwords.
|
|
The generation of user passwords is done by PAM and subject to the
|
|
PAM configuration. It is recommended to set this variable
|
|
consistently with the PAM configuration.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|