+2007-11-27 Nicolas François <nicolas.francois@centraliens.net>
+
+ * man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING.
+ * man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
+ MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
+ * man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD,
+ MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
+ * man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING.
+ * man/expiry.1.xml: Does not use any login.defs parameter.
+ * man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
+ MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS.
+ * man/login.defs.5.xml: Added CHSH_AUTH.
+ * man/login.defs.5.xml: Cross reference -> cross references.
+ * man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam.
+ * man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH.
+ * man/login.defs.d/CHSH_AUTH.xml: Added.
+ * man/login.defs.5.xml: chsh uses parameters only when no_pam.
+ * man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even
+ if linked in the binary.
+ * man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
+ MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE,
+ SHA_CRYPT_MIN_ROUNDS, UMASK.
+
2007-11-26 Nicolas François <nicolas.francois@centraliens.net>
* man/generate_translations.mak, man/po/Makefile.in.in: Add
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+]>
+
<refentry id='chfn.1'>
<!-- $Id$ -->
<refmeta>
</para>
</refsect1>
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &CHFN_AUTH;
+ &CHFN_RESTRICT;
+ &LOGIN_STRING;
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+]>
+
<refentry id='chgpasswd.8'>
<!-- $Id$ -->
<refmeta>
</para>
</refsect1>
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &ENCRYPT_METHOD;
+ &MAX_MEMBERS_PER_GROUP;
+ &MD5_CRYPT_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+]>
+
<refentry id='chpasswd.8'>
<!-- $Id$ -->
<refmeta>
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
- <!--********************************************************************
- ** **
- ** Definitions copied from login.def.5.xml **
- ** **
- ********************************************************************-->
<variablelist>
- <varlistentry>
- <term><option>MD5_CRYPT_ENAB</option> (boolean)</term>
- <listitem>
- <para>
- Indicate if passwords must be encrypted using the MD5-based
- algorithm. If set to <replaceable>yes</replaceable>, new
- passwords will be encrypted
- using the MD5-based algorithm compatible with the one used by
- recent releases of FreeBSD. It supports passwords of
- unlimited length and longer salt strings. Set to
- <replaceable>no</replaceable> if you
- need to copy encrypted passwords to other systems which don't
- understand the new algorithm. Default is
- <replaceable>no</replaceable>.
- </para>
- <para>
- This variable is superceded by the
- <option>ENCRYPT_METHOD</option> variable or by any command
- line option.
- </para>
- <para>
- This variable is deprecated. You should use
- <option>ENCRYPT_METHOD</option>.
- </para>
- <para>
- Note: if you use PAM, it is recommended to set this variable
- consistently with the PAM modules configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>ENCRYPT_METHOD</option> (string)</term>
- <listitem>
- <para>
- This defines the system default encryption algorithm for
- encrypting passwords (if no algorithm are specified on the
- command line).
- </para>
- <para>
- It can take one of these values:
- <itemizedlist>
- <listitem>
- <para><replaceable>DES</replaceable> (default)</para>
- </listitem>
- <listitem>
- <para><replaceable>MD5</replaceable></para>
- </listitem>
- <listitem>
- <para><replaceable>SHA256</replaceable></para>
- </listitem>
- <listitem>
- <para><replaceable>SHA512</replaceable></para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- Note: this parameter overrides the
- <option>MD5_CRYPT_ENAB</option> variable.
- </para>
- <para>
- Note: if you use PAM, it is recommended to set this variable
- consistently with the PAM modules configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
- <term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
- <listitem>
- <para>
- When <option>ENCRYPT_METHOD</option> is set to
- <replaceable>SHA256</replaceable> or
- <replaceable>SHA512</replaceable>, this defines the number of
- SHA rounds used by the encryption algorithm by default (when
- the number of rounds is not specified on the command line).
- </para>
- <para>
- With a lot of rounds, it is more difficult to brute forcing
- the password. But note also that more CPU resources will be
- needed to authenticate users.
- </para>
- <para>
- If not specified, the libc will choose the default number of
- rounds (5000).
- </para>
- <para>
- The values must be inside the 1000-999999999 range.
- </para>
- <para>
- If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or
- <option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this
- value will be used.
- </para>
- <para>
- If <option>SHA_CRYPT_MIN_ROUNDS</option> >
- <option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will
- be used.
- </para>
- </listitem>
- </varlistentry>
+ &ENCRYPT_METHOD;
+ &MD5_CRYPT_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS-->
</variablelist>
</refsect1>
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+]>
+
<refentry id='chsh.1'>
<!-- $Id$ -->
<refmeta>
</para>
</refsect1>
+ <refsect1 id='configuration' condition="no_pam">
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &CHSH_AUTH;
+ &LOGIN_STRING;
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!--ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml"-->
+<!-- A call to CONSOLE_GROUPS is linked, but not used -->
+]>
+
<refentry id='expiry.1'>
<!-- $Id$ -->
<refmeta>
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+]>
+
<refentry id='gpasswd.1'>
<!-- $Id$ -->
<refmeta>
</para>
</refsect1>
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &ENCRYPT_METHOD;
+ &MAX_MEMBERS_PER_GROUP;
+ &MD5_CRYPT_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
<variablelist remap='IP'>
&CHFN_AUTH;
&CHFN_RESTRICT;
+ &CHSH_AUTH;
&ENCRYPT_METHOD;
&GID_MAX; <!--document also GID_MIN-->
&LOGIN_STRING;
</variablelist>
</refsect1>
- <refsect1 id='cross_reference'>
- <title>CROSS REFERENCE</title>
+ <refsect1 id='cross_references'>
+ <title>CROSS REFERENCES</title>
<para>
- The following cross reference shows which programs in the shadow
+ The following cross references show which programs in the shadow
password suite use which parameters.
</para>
<!-- .na -->
<term>chfn</term>
<listitem>
<para>
- CHFN_AUTH CHFN_RESTRICT
+ <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
<phrase condition="no_pam">LOGIN_STRING</phrase>
</para>
</listitem>
</para>
</listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry condition="no_pam">
<term>chsh</term>
<listitem>
<para>
- CHFN_AUTH
- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ CHSH_AUTH LOGIN_STRING
</para>
</listitem>
</varlistentry>
- <varlistentry condition="no_pam">
- <term>expiry</term>
- <listitem>
- <para>CONSOLE_GROUPS</para>
- </listitem>
- </varlistentry>
+ <!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
<term>gpasswd</term>
-<varlistentry>
+<varlistentry condition="no_pam">
<term><option>CHFN_AUTH</option> (boolean)</term>
<listitem>
<para>
- If <replaceable>yes</replaceable>, the <command>chfn</command> and
- <command>chsh</command> programs will require authentication before
- making any changes, unless run by the superuser.
+ If <replaceable>yes</replaceable>, the <command>chfn</command>
+ program will require authentication before making any changes,
+ unless run by the superuser.
</para>
</listitem>
</varlistentry>
--- /dev/null
+<varlistentry condition="no_pam">
+ <term><option>CHSH_AUTH</option> (boolean)</term>
+ <listitem>
+ <para>
+ If <replaceable>yes</replaceable>, the <command>chsh</command>
+ program will require authentication before making any changes,
+ unless run by the superuser.
+ </para>
+ </listitem>
+</varlistentry>
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+]>
+
<refentry id='newusers.8'>
<!-- $Id$ -->
<refmeta>
</para>
</refsect1>
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &ENCRYPT_METHOD;
+ &MAX_MEMBERS_PER_GROUP;
+ &MD5_CRYPT_ENAB;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+ &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
+ &UMASK;
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
projects / shadow / commitdiff