man/: add BCRYPT and YESCRYPT information
authorTobias Stoeckmann <tobias@stoeckmann.org>
Tue, 19 Dec 2023 16:39:54 +0000 (17:39 +0100)
committerSerge Hallyn <serge@hallyn.com>
Wed, 27 Dec 2023 16:48:48 +0000 (10:48 -0600)
The BCRYPT- and YESCRYPT-related items should be described in the
manual pages.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
12 files changed:
man/Makefile.am
man/chgpasswd.8.xml
man/chpasswd.8.xml
man/generate_mans.mak
man/gpasswd.1.xml
man/login.defs.5.xml
man/login.defs.d/BCRYPT_MIN_ROUNDS.xml [new file with mode: 0644]
man/login.defs.d/ENCRYPT_METHOD.xml
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
man/login.defs.d/YESCRYPT_COST_FACTOR.xml [new file with mode: 0644]
man/newusers.8.xml
man/passwd.1.xml

index 89d97937b5d842a81f3f769fb4102df9804f2803..cffef699ab962dc73861b9cb6ffee8b1c0d57b76 100644 (file)
@@ -125,6 +125,7 @@ man_XMANS += lastlog.8.xml
 endif
 
 login_defs_v = \
+       BCRYPT_MIN_ROUNDS.xml \
        CHFN_AUTH.xml \
        CHFN_RESTRICT.xml \
        CHSH_AUTH.xml \
@@ -191,7 +192,8 @@ login_defs_v = \
        SUB_GID_COUNT.xml \
        SUB_UID_COUNT.xml \
        SYS_GID_MAX.xml \
-       SYS_UID_MAX.xml
+       SYS_UID_MAX.xml \
+       YESCRYPT_COST_FACTOR.xml
 
 EXTRA_DIST = \
        $(man_MANS) \
index bd2d1179650901f179a2d1fd66546077bdbd3c68..f4a83c2441ebe916e2d597b3cf9c33e96b16d63a 100644 (file)
@@ -6,10 +6,12 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
        <term><option>-c</option>, <option>--crypt-method</option></term>
        <listitem>
          <para>Use the specified method to encrypt the passwords.</para>
-         <para condition="no_sha_crypt">
-           The available methods are DES, MD5, and NONE.
-         </para>
-         <para condition="sha_crypt">
-           The available methods are DES, MD5, NONE, and SHA256 or SHA512
-           if your libc support these methods.
+         <para>
+           The available methods are <phrase condition="bcrypt">
+           <replaceable>BCRYPT</replaceable>,</phrase>
+           <replaceable>DES</replaceable>,
+           <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+           <replaceable>SHA256</replaceable>,
+           <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+           <replaceable>YESCRYPT</replaceable></phrase> and
+           <replaceable>NONE</replaceable>
+           if your libc supports these methods.
          </para>
        </listitem>
       </varlistentry>
          </para>
        </listitem>
       </varlistentry>
-      <varlistentry condition="sha_crypt">
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
        <term><option>-s</option>, <option>--sha-rounds</option></term>
        <listitem>
          <para>
            Use the specified number of rounds to encrypt the passwords.
          </para>
          <para>
-           The value 0 means that the system will choose the default
-           number of rounds for the crypt method (5000).
+           You can only use this option with crypt method:
+           <phrase condition="bcrypt">
+           <replaceable>BCRYPT</replaceable></phrase>
+           <phrase condition="sha_crypt">
+           <replaceable>SHA256</replaceable>
+           <replaceable>SHA512</replaceable></phrase>
+           <phrase condition="yescrypt">
+           <replaceable>YESCRYPT</replaceable></phrase>
          </para>
-         <para>
-           A minimal value of 1000 and a maximal value of 999,999,999
-           will be enforced.
+         <para condition="bcrypt">
+           By default, the number of rounds for BCRYPT is defined by the
+           BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+           <filename>/etc/login.defs</filename>.
          </para>
-         <para>
-           You can only use this option with the SHA256 or SHA512
-           crypt method.
+         <para condition="bcrypt">
+           A minimal value of 4 and a maximal value of 31
+           will be enforced for BCRYPT. The default number of rounds is 13.
          </para>
-         <para>
-           By default, the number of rounds is defined by the
-           SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+         <para condition="sha_crypt">
+           By default, the number of rounds for SHA256 or SHA512 is defined by
+           the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
            <filename>/etc/login.defs</filename>.
          </para>
+         <para condition="sha_crypt">
+           A minimal value of 1000 and a maximal value of 999,999,999
+           will be enforced for SHA256 and SHA512. The default number of rounds
+           is 5000.
+         </para>
+         <para condition="yescrypt">
+           By default, the number of rounds for YESCRYPT is defined by the
+           YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+         </para>
+         <para condition="yescrypt">
+           A minimal value of 1 and a maximal value of 11
+           will be enforced for YESCRYPT. The default number of rounds is 5.
+         </para>
        </listitem>
       </varlistentry>
     </variablelist>
       tool:
     </para>
     <variablelist>
+      &BCRYPT_MIN_ROUNDS; <!--This also document BCRYPT_MAX_ROUNDS-->
       &ENCRYPT_METHOD;
       &MAX_MEMBERS_PER_GROUP;
       &MD5_CRYPT_ENAB;
       &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
 
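Review bot: The new `<para condition="bcrypt">` text describes the BCRYPT parameter as a "number of rounds" with "a minimal value of 4 and a maximal value of 31", which reads like the linear iteration count documented for SHA256/SHA512 (1000 to 999,999,999); for bcrypt the value is a logarithmic cost factor where each increment doubles the work, so an administrator who picks a value near the documented maximum by analogy with the SHA range will make password hashing and authentication effectively unbounded. I would add one sentence after the range, e.g. `This value is a cost factor rather than a linear round count: each increment doubles the work, so values near 31 are impractical (see crypt(5)).` The YESCRYPT paragraphs have the same terminology mismatch ("the number of rounds for YESCRYPT is defined by the YESCRYPT_COST_FACTOR") while the new YESCRYPT_COST_FACTOR.xml correctly calls it a cost factor; the identical wording recurs in the chpasswd.8.xml and newusers.8.xml sections, and BCRYPT_MIN_ROUNDS.xml also says "this defines the number of BCRYPT rounds", so one consistent phrasing should be applied in all of them. The `-s` varlistentry is complete in this hunk, but the enclosing refsect1 starts outside it.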
index 1984573ab6e0aaf75d38068050997be419060396..cffd9df14aaa4f0443e48ad5e0db17e4708108a9 100644 (file)
@@ -6,9 +6,11 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
        </term>
        <listitem>
          <para>Use the specified method to encrypt the passwords.</para>
-         <para condition="no_sha_crypt">
-           The available methods are DES, MD5, and NONE.
-         </para>
-         <para condition="sha_crypt">
-           The available methods are DES, MD5, NONE, and SHA256 or SHA512
-           if your libc support these methods.
+         <para>
+           The available methods are <phrase condition="bcrypt">
+           <replaceable>BCRYPT</replaceable>,</phrase>
+           <replaceable>DES</replaceable>,
+           <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
+           <replaceable>SHA256</replaceable>,
+           <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+           <replaceable>YESCRYPT</replaceable></phrase> and
+           <replaceable>NONE</replaceable>
+           if your libc supports these methods.
          </para>
          <para condition="pam">
            By default, PAM is used to encrypt the passwords.
          </para>
        </listitem>
       </varlistentry>
-      <varlistentry condition="sha_crypt">
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
        <term>
          <option>-s</option>, <option>--sha-rounds</option>&nbsp;<replaceable>ROUNDS</replaceable>
        </term>
            Use the specified number of rounds to encrypt the passwords.
          </para>
          <para>
-           The value 0 means that the system will choose the default
-           number of rounds for the crypt method (5000).
+           You can only use this option with crypt method:
+           <phrase condition="bcrypt">
+           <replaceable>BCRYPT</replaceable></phrase>
+           <phrase condition="sha_crypt">
+           <replaceable>SHA256</replaceable>
+           <replaceable>SHA512</replaceable></phrase>
+           <phrase condition="yescrypt">
+           <replaceable>YESCRYPT</replaceable></phrase>
          </para>
-         <para>
-           A minimal value of 1000 and a maximal value of 999,999,999
-           will be enforced.
+         <para condition="bcrypt">
+           By default, the number of rounds for BCRYPT is defined by the
+           BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+           <filename>/etc/login.defs</filename>.
          </para>
-         <para>
-           You can only use this option with the SHA256 or SHA512
-           crypt method.
+         <para condition="bcrypt">
+           A minimal value of 4 and a maximal value of 31
+           will be enforced for BCRYPT. The default number of rounds is 13.
          </para>
-         <para>
-           By default, the number of rounds is defined by the
-           <option>SHA_CRYPT_MIN_ROUNDS</option> and
-           <option>SHA_CRYPT_MAX_ROUNDS</option> variables in
+         <para condition="sha_crypt">
+           By default, the number of rounds for SHA256 or SHA512 is defined by
+           the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
            <filename>/etc/login.defs</filename>.
          </para>
+         <para condition="sha_crypt">
+           A minimal value of 1000 and a maximal value of 999,999,999
+           will be enforced for SHA256 and SHA512. The default number of rounds
+           is 5000.
+         </para>
+         <para condition="yescrypt">
+           By default, the number of rounds for YESCRYPT is defined by the
+           YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+         </para>
+         <para condition="yescrypt">
+           A minimal value of 1 and a maximal value of 11
+           will be enforced for YESCRYPT. The default number of rounds is 5.
+         </para>
        </listitem>
       </varlistentry>
     </variablelist>
       &MD5_CRYPT_ENAB;
     </variablelist>
     <variablelist>
+      &BCRYPT_MIN_ROUNDS; <!--documents also BCRYPT_MAX_ROUNDS-->
       &SHA_CRYPT_MIN_ROUNDS; <!--documents also SHA_CRYPT_MAX_ROUNDS-->
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
 
index 4d0d268eb562dc750dba0ff282d0d9e440a07416..47f906feacacc2592489e8e18a2c5d12d9fe40c2 100644 (file)
@@ -25,6 +25,18 @@ else
 SHA_CRYPT_COND=no_sha_crypt
 endif
 
+if USE_BCRYPT
+BCRYPT_COND=bcrypt
+else
+BCRYPT_COND=no_bcrypt
+endif
+
+if USE_YESCRYPT
+YESCRYPT_COND=yescrypt
+else
+YESCRYPT_COND=no_yescrypt
+endif
+
 if ENABLE_SUBIDS
 SUBIDS_COND=subids
 else
@@ -50,7 +62,7 @@ if ENABLE_REGENERATE_MAN
        fi
 
 man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-       $(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
+       $(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(BCRYPT_COND);$(YESCRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND);$(LASTLOG_COND)" \
                    --param "man.authors.section.enabled" "0" \
                    --stringparam "man.output.base.dir" "" \
                    --stringparam vendordir "$(VENDORDIR)" \
index e0d9c0db087d7bf52a05257d785bdcaa5205b303..9b89d915683d88308b3b7032e4325bf250c5cdaf 100644 (file)
@@ -6,10 +6,12 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
index dc64cfc2e40f921aded4abc78858c80e1eed3e77..05ef5125e4e04818f67e9c63086acd47f2b132bd 100644 (file)
@@ -7,6 +7,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" 
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY CHFN_AUTH             SYSTEM "login.defs.d/CHFN_AUTH.xml">
 <!ENTITY CHFN_RESTRICT         SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
 <!ENTITY CHSH_AUTH             SYSTEM "login.defs.d/CHSH_AUTH.xml">
@@ -74,6 +75,7 @@
 <!ENTITY USERDEL_CMD           SYSTEM "login.defs.d/USERDEL_CMD.xml">
 <!ENTITY USERGROUPS_ENAB       SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
 <!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
     <para>The following configuration items are provided:</para>
 
     <variablelist remap='IP'>
+      &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
       &CHFN_AUTH;
       &CHFN_RESTRICT;
       &CHSH_AUTH;
       &USERDEL_CMD;
       &USERGROUPS_ENAB;
       &USE_TCB;
+      &YESCRYPT_COST_FACTOR;
     </variablelist>
   </refsect1>
 
        <term>chgpasswd</term>
        <listitem>
          <para>
+           <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+           BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
            <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
            SHA_CRYPT_MIN_ROUNDS</phrase>
+           <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
       </varlistentry>
        <term>chpasswd</term>
        <listitem>
          <para>
+           <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+           BCRYPT_MIN_ROUNDS</phrase>
            <phrase condition="no_pam">ENCRYPT_METHOD
            MD5_CRYPT_ENAB </phrase>
            <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
            SHA_CRYPT_MIN_ROUNDS</phrase>
+           <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
       </varlistentry>
        <term>gpasswd</term>
        <listitem>
          <para>
+           <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+           BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
            <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
            SHA_CRYPT_MIN_ROUNDS</phrase>
+           <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
       </varlistentry>
        <term>newusers</term>
        <listitem>
          <para>
+           <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+           BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD
            GID_MAX GID_MIN
            MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
            SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
            SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
            UMASK
+           <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
       </varlistentry>
        <term>passwd</term>
        <listitem>
          <para>
+           <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+           BCRYPT_MIN_ROUNDS</phrase>
            ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
            PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
            <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
            SHA_CRYPT_MIN_ROUNDS</phrase>
+           <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
          </para>
        </listitem>
       </varlistentry>
diff --git a/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml b/man/login.defs.d/BCRYPT_MIN_ROUNDS.xml
new file mode 100644 (file)
index 0000000..81ee5c9
--- /dev/null
@@ -0,0 +1,40 @@
+<!--
+   SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
+   SPDX-License-Identifier: BSD-3-Clause
+-->
+<varlistentry condition="bcrypt">
+  <term><option>BCRYPT_MIN_ROUNDS</option> (number)</term>
+  <term><option>BCRYPT_MAX_ROUNDS</option> (number)</term>
+  <listitem>
+    <para>
+      When <option>ENCRYPT_METHOD</option> is set to
+      <replaceable>BCRYPT</replaceable>, this defines the number of
+      BCRYPT rounds used by the encryption algorithm by default (when the
+      number of rounds is not specified on the command line).
+    </para>
+    <para>
+      With a lot of rounds, it is more difficult to brute force the
+      password. But note also that more CPU resources will be needed to
+      authenticate users.
+    </para>
+    <para>
+      The values must be inside the 4-31 range.
+    </para>
+    <para>
+      If only one of the <option>BCRYPT_MIN_ROUNDS</option> or
+      <option>BCRYPT_MAX_ROUNDS</option> values is set, then this value
+      will be used.
+    </para>
+    <para>
+      If <option>BCRYPT_MIN_ROUNDS</option> &gt;
+      <option>BCRYPT_MAX_ROUNDS</option>, the highest value will be
+      used.
+    </para>
+    <para condition="pam">
+      Note: This only affect the generation of group passwords.
+      The generation of user passwords is done by PAM and subject to the
+      PAM configuration. It is recommended to set this variable
+      consistently with the PAM configuration.
+    </para>
+  </listitem>
+</varlistentry>
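Review bot: The SPDX header of this new file, `SPDX-FileCopyrightText: 2007 - 2008, Nicolas François`, is copied from the SHA_CRYPT_MIN_ROUNDS.xml entry rather than reflecting the 2023 author of this text, so the attribution is wrong for a file that did not exist before this commit; the same header was copied into the new YESCRYPT_COST_FACTOR.xml. If the wording is indeed derived from the SHA entry, keep that line and add a second `SPDX-FileCopyrightText:` line for the present author and year; otherwise replace it. The copied pam note also carries the grammatical slip `Note: This only affect the generation of group passwords.` (repeated in YESCRYPT_COST_FACTOR.xml), which should read `Note: This only affects the generation of group passwords.`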
index 85dd79b0abc2f4a1018c438f2621de34d5cfb012..531ce04a89bda90e4b6aa41339e0319b652b4d33 100644 (file)
       passwords (if no algorithm are specified on the command line).
     </para>
     <para>
-      It can take one of these values:
+      It can take one of these values: <phrase condition="bcrypt">
+      <replaceable>BCRYPT</replaceable>,</phrase>
       <replaceable>DES</replaceable> (default),
       <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
       <replaceable>SHA256</replaceable>,
-      <replaceable>SHA512</replaceable></phrase>.
+      <replaceable>SHA512</replaceable></phrase><phrase condition="yescrypt">,
+      <replaceable>YESCRYPT</replaceable></phrase>.
       MD5 and DES should not be used for new hashes, see
       <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
       for recommendations.
index 43972d76c8bddbcd70dae827a38f927b551c9bbf..a22c324c4f658a6764699ff0c4a0a00022486ace 100644 (file)
@@ -14,7 +14,7 @@
       of rounds is not specified on the command line).
     </para>
     <para>
-      With a lot of rounds, it is more difficult to brute forcing the
+      With a lot of rounds, it is more difficult to brute force the
       password. But note also that more CPU resources will be needed to
       authenticate users.
     </para>
diff --git a/man/login.defs.d/YESCRYPT_COST_FACTOR.xml b/man/login.defs.d/YESCRYPT_COST_FACTOR.xml
new file mode 100644 (file)
index 0000000..b9c5314
--- /dev/null
@@ -0,0 +1,29 @@
+<!--
+   SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
+   SPDX-License-Identifier: BSD-3-Clause
+-->
+<varlistentry condition="yescrypt">
+  <term><option>YESCRYPT_COST_FACTOR</option> (number)</term>
+  <listitem>
+    <para>
+      When <option>ENCRYPT_METHOD</option> is set to
+      <replaceable>YESCRYPT</replaceable>, this defines the cost factor
+      used by the encryption algorithm by default (when the cost factor
+      is not specified on the command line).
+    </para>
+    <para>
+      With a high cost factor, it is more difficult to brute force the
+      password. But note also that more CPU resources will be needed to
+      authenticate users.
+    </para>
+    <para>
+      The value must be inside the 1-11 range.
+    </para>
+    <para condition="pam">
+      Note: This only affect the generation of group passwords.
+      The generation of user passwords is done by PAM and subject to the
+      PAM configuration. It is recommended to set this variable
+      consistently with the PAM configuration.
+    </para>
+  </listitem>
+</varlistentry>
index 4ff005244773871bb434b66ba7feab6771018262..6812c75098c5b233a3e5790733b32c256a8959c4 100644 (file)
@@ -6,6 +6,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY GID_MAX               SYSTEM "login.defs.d/GID_MAX.xml">
 <!ENTITY HOME_MODE             SYSTEM "login.defs.d/HOME_MODE.xml">
@@ -21,6 +22,7 @@
 <!ENTITY SYS_UID_MAX           SYSTEM "login.defs.d/SYS_UID_MAX.xml">
 <!ENTITY UID_MAX               SYSTEM "login.defs.d/UID_MAX.xml">
 <!ENTITY UMASK                 SYSTEM "login.defs.d/UMASK.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 
       </varlistentry>
     </variablelist>
     <variablelist remap='IP' condition="no_pam">
-      <varlistentry condition="sha_crypt">
+      <varlistentry condition="bcrypt;sha_crypt;yescrypt">
        <term><option>-s</option>, <option>--sha-rounds</option></term>
        <listitem>
          <para>
            Use the specified number of rounds to encrypt the passwords.
          </para>
          <para>
-           The value 0 means that the system will choose the default
-           number of rounds for the crypt method (5000).
+           You can only use this option with crypt method:
+           <phrase condition="bcrypt">
+           <replaceable>BCRYPT</replaceable></phrase>
+           <phrase condition="sha_crypt">
+           <replaceable>SHA256</replaceable>
+           <replaceable>SHA512</replaceable></phrase>
+           <phrase condition="yescrypt">
+           <replaceable>YESCRYPT</replaceable></phrase>
          </para>
-         <para>
-           A minimal value of 1000 and a maximal value of 999,999,999
-           will be enforced.
+         <para condition="bcrypt">
+           By default, the number of rounds for BCRYPT is defined by the
+           BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS variables in
+           <filename>/etc/login.defs</filename>.
          </para>
-         <para>
-           You can only use this option with the SHA256 or SHA512
-           crypt method.
+         <para condition="bcrypt">
+           A minimal value of 4 and a maximal value of 31
+           will be enforced for BCRYPT. The default is 13.
          </para>
-         <para>
-           By default, the number of rounds is defined by the
+         <para condition="sha_crypt">
+           By default, the number of rounds for SHA256 or SHA512 is defined by the
            SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
            <filename>/etc/login.defs</filename>.
          </para>
+         <para condition="sha_crypt">
+           A minimal value of 1000 and a maximal value of 999,999,999
+           will be enforced for SHA256 and SHA512. The default is 5000.
+         </para>
+         <para condition="yescrypt">
+           By default, the number of rounds for YESCRYPT is defined by the
+           YESCRYPT_COST_FACTOR in <filename>/etc/login.defs</filename>.
+         </para>
+         <para condition="yescrypt">
+           A minimal value of 1 and a maximal value of 11
+           will be enforced for YESCRYPT. The default is 5.
+         </para>
        </listitem>
       </varlistentry>
     </variablelist>
index 5fbfa6d178291adce1485f18a9599f65cec4fd30..312f7ded15aca6e655b15c141c1e8b54567f40f1 100644 (file)
@@ -6,6 +6,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY OBSCURE_CHECKS_ENAB   SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
@@ -13,6 +14,7 @@
 <!ENTITY PASS_CHANGE_TRIES     SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
 <!ENTITY PASS_MAX_LEN          SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+<!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 <refentry id='passwd.1'>