+2010-03-15 Nicolas François <nicolas.francois@centraliens.net>
+
+ * man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,
+ man/pwconv.8.xml, man/useradd.8.xml, man/userdel.8.xml,
+ man/usermod.8.xml, man/vipw.8.xml: Document the usage of the
+ TCB_AUTH_GROUP, TCB_SYMLINKS, and USE_TCB configuration
+ parameters.
+ * man/pwconv.8.xml, man/pwck.8.xml: Document the behavior when
+ USE_TCB is enabled.
+
2010-03-15 Nicolas François <nicolas.francois@centraliens.net>
* po/POTFILES.in, lib/tcbfuncs.c: Add more strings for
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
+]>
<refentry id='chage.1'>
<!-- $Id$ -->
<refmeta>
</para>
</refsect1>
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &USE_TCB;
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
</para>
<!-- .na -->
<variablelist remap='IP'>
- <!-- chage: no variables -->
+ <varlistentry condition="tcb">
+ <term>chage</term>
+ <listitem>
+ <para>USE_TCB</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>chfn</term>
<listitem>
<listitem>
<para>
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
- <phrase condition="tcb">USE_TCB</phrase>
+ <phrase condition="tcb">TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB</phrase>
</para>
</listitem>
</varlistentry>
<para>
MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD
USERGROUPS_ENAB
- <phrase condition="tcb">USE_TCB</phrase>
+ <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
</para>
</listitem>
</varlistentry>
<listitem>
<para>
MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
- <phrase condition="tcb">USE_TCB</phrase>
+ <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
</para>
</listitem>
</varlistentry>
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+<!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
]>
<refentry id='pwck.8'>
<!-- $Id$ -->
Sort entries in <filename>/etc/passwd</filename> and
<filename>/etc/shadow</filename> by UID.
</para>
+ <para condition="tcb">
+ This option has no effect when TCB is enabled.
+ </para>
</listitem>
</varlistentry>
</variablelist>
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &USE_TCB;
</variablelist>
</refsect1>
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
]>
<refentry id='pwconv.8'>
<!-- $Id$ -->
remap='I'>shadow</emphasis> from <emphasis remap='I'>passwd</emphasis>
and an optionally existing <emphasis remap='I'>shadow</emphasis>.
</para>
+ <para condition="tcb">
+ <command>pwconv</command> does not work with
+ <option>USE_TCB</option> enabled. To convert to tcb passwords, you
+ should first use <command>pwconv</command> to convert to shadowed
+ passwords by disabling <option>USE_TCB</option> in
+ <filename>login.defs</filename> and then convert to tcb password
+ using <command>tcb_convert</command> (and re-enable
+ <option>USE_TCB</option> in <filename>login.defs</filename>.)
+ </para>
<para>
The <command>pwunconv</command> command creates <emphasis
and <emphasis remap='I'>shadow</emphasis> and then removes <emphasis
remap='I'>shadow</emphasis>.
</para>
+ <para condition="tcb">
+ <command>pwunconv</command> does not work with
+ <option>USE_TCB</option> enabled. You should first switch back from
+ tcb to shadowed passwords using <command>tcb_unconvert</command>,
+ and then disable <option>USE_TCB</option> in
+ <filename>login.defs</filename> before using
+ <command>pwunconv</command>.
+ </para>
<para>
The <command>grpconv</command> command creates <emphasis
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
+ &USE_TCB;
</variablelist>
</refsect1>
</citerefentry>,
<citerefentry>
<refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>.
+ </citerefentry><phrase condition="tcb">,
+ <citerefentry>
+ <refentrytitle>tcb_convert</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>tcb_unconvert</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry></phrase>.
</para>
</refsect1>
</refentry>
<!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
<!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+<!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
]>
<refentry id='useradd.8'>
&PASS_WARN_AGE;
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
&SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
&UID_MAX; <!-- documents also UID_MIN -->
&UMASK;
+ &USE_TCB;
&USERGROUPS_ENAB;
</variablelist>
</refsect1>
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
<!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
]>
<variablelist>
&MAIL_DIR; <!-- documents also MAIL_FILE -->
&MAX_MEMBERS_PER_GROUP;
+ &TCB_SYMLINKS;
+ &USE_TCB;
&USERDEL_CMD;
&USERGROUPS_ENAB;
</variablelist>
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
]>
<refentry id='usermod.8'>
<!-- $Id$ -->
<variablelist>
&MAIL_DIR; <!-- documents also MAIL_FILE -->
&MAX_MEMBERS_PER_GROUP;
+ &TCB_SYMLINKS;
+ &USE_TCB;
</variablelist>
</refsect1>
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
]>
<refentry id='vipw.8'>
<!-- $Id$ -->
</variablelist>
</refsect1>
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &USE_TCB;
+ </variablelist>
+ </refsect1>
+
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
projects / shadow / commitdiff