pool/shadow
SHA256
11
0
Fork 2
Code Issues Pull Requests Activity
Files
3e975d023a75b2b9864ecb12a64bb59e480eb37634bcf4ead554f5fc68c637c8
shadow/shadow-login_defs-comments.patch
Michael Vetter 4e43c817a1 Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1 
- Split shadow-login_defs.patch hunks to its logical components
  (bsc#1121197):
  * shadow-login_defs-unused-by-pam.patch
  * shadow-login_defs-comments.patch
  * shadow-login_defs-util-linux.patch
  * shadow-login_defs-suse.patch
  * Move appropriate hunks to chkname-regex.patch and
    encryption_method_nis.patch
  * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14).
- Split getdef-new-defs.patch hunks to its logical components
  (bsc#1121197):
  * encryption_method_nis.patch
  * chkname-regex.patch
  * shadow-util-linux.patch
    Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT.
  * useradd-script.patch, userdel-script.patch
  * Remove duplicated definitions of MOTD_FILE and ENV_PATH.
- Add shadow-login_defs-unused-check.sh to allow verification of
  login.defs variable usage (bsc#1121197).
- Add virtual symbols for login.defs compatibility (bsc#1121197).

OBS-URL: https://build.opensuse.org/request/show/700494
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63
2019-05-06 07:58:15 +00:00

88 lines
2.7 KiB
Diff
Raw Blame History

Improve comments in login.defs.
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -3,8 +3,6 @@
# Some variables are used by login(1), su(1) and runuser(1) from util-linux
# package as well pam pam_unix(8) from pam package.
#
-# $Id$
-#
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -79,11 +77,14 @@ ENV_PATH /bin:/usr/bin
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
-# If this variable is set to "yes", su will always set path. every su
-# call will overwrite the PATH variable.
+# If this variable is set to "yes" (default is "no"), su will always set
+# path. every su call will overwrite the PATH variable.
#
# Per default, only "su -" will set a new PATH.
#
+# The recommended value is "yes". The default "no" behavior could have
+# a security implication in applications that use commands without path.
+#
ALWAYS_SET_PATH no
#
@@ -123,6 +124,11 @@ PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd(8)
#
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts.
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
+# allocated user accounts.
+#
UID_MIN 1000
UID_MAX 60000
# System accounts
@@ -136,6 +142,11 @@ SUB_UID_COUNT 65536
#
# Min/max values for automatic gid selection in groupadd(8)
#
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups.
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
+# allocated groups.
+#
GID_MIN 1000
GID_MAX 60000
# System accounts
@@ -165,7 +176,6 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
#
-# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
@@ -180,7 +190,6 @@ CHFN_RESTRICT rwh
#MD5_CRYPT_ENAB no
#
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
@@ -196,6 +205,14 @@ CHFN_RESTRICT rwh
#ENCRYPT_METHOD_NIS DES
#
+# Number of rounds for salt.
+# Default values:
+# Minimum number of rounds.
+#SHA_CRYPT_MIN_ROUNDS 1000
+# Maximum number of rounds.
+#SHA_CRYPT_MAX_ROUNDS 999999999
+
+#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
Reference in New Issue View Git Blame Copy Permalink