Add variables referred by util-linux login, runuser and su, but not by shadow. Delete variables used by shadow implementation of login, su and runuser that has no use in util-linux implementation. Index: etc/login.defs =================================================================== --- etc/login.defs.orig +++ etc/login.defs @@ -1,5 +1,7 @@ # # /etc/login.defs - Configuration control definitions for the shadow package. +# Some variables are used by login(1), su(1) and runuser(1) from util-linux +# package as well pam pam_unix(8) from pam package. # # $Id$ # @@ -17,9 +19,8 @@ FAIL_DELAY 3 LOG_UNKFAIL_ENAB no # -# Enable logging of successful logins +# Enable "syslog" logging of newgrp(1) and sg(1) activity. # -LOG_OK_LOGINS no # # Limit the highest user ID number for which the lastlog entries should @@ -31,10 +32,9 @@ LOG_OK_LOGINS no #LASTLOG_UID_MAX # -# Enable "syslog" logging of su(1) activity - in addition to sulog file logging. -# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). +# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition +# to sulog file logging. # -SYSLOG_SU_ENAB yes SYSLOG_SG_ENAB yes # @@ -58,6 +58,12 @@ MOTD_FILE /etc/motd #MOTD_FILE /etc/motd:/usr/lib/news/news-motd # +# If set to "yes", login stops display content specified by MOTD_FILE after +# the first accessible item in the list. +# +#MOTD_FIRSTONLY no + +# # If defined, file which maps tty line to TERM environment parameter. # Each line of the file is in a format similar to "vt100 tty01". # @@ -72,12 +78,33 @@ MOTD_FILE /etc/motd HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins +# If this variable is set to "yes", hostname will be suppressed in the +# login: prompt. +#LOGIN_PLAIN_PROMPT no + # # *REQUIRED* The default PATH settings, for superuser and normal users. # # (they are minimal, add the rest in the shell startup files) -ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin -ENV_PATH PATH=/bin:/usr/bin +# +# ENV_PATH: The default PATH settings for non-root. +# +# ENV_ROOTPATH: The default PATH settings for root +# (used by login, su and runuser). +# +# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser +# (and falback for login). +# +ENV_PATH /bin:/usr/bin +ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin +#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin + +# If this variable is set to "yes", su will always set path. every su +# call will overwrite the PATH variable. +# +# Per default, only "su -" will set a new PATH. +# +ALWAYS_SET_PATH no # # Terminal permissions @@ -93,19 +120,6 @@ ENV_PATH PATH=/bin:/usr/bin TTYGROUP tty TTYPERM 0600 -# -# Login configuration initializations: -# -# ERASECHAR Terminal ERASE character ('\010' = backspace). -# KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# -# The ERASECHAR and KILLCHAR are used only on System V machines. -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# -ERASECHAR 0177 -KILLCHAR 025 - # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. # UMASK is also used by useradd(8) and newusers(8) to set the mode for new @@ -163,6 +177,12 @@ SUB_GID_COUNT 65536 LOGIN_RETRIES 5 # +# Tell login to only re-prompt for the password if authentication +# failed, but the username is valid. The default value is no. +# +LOGIN_KEEP_USERNAME no + +# # Max time in seconds for login(1) # LOGIN_TIMEOUT 60 @@ -315,15 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO #GRANT_AUX_GROUP_SUBIDS yes # -# Prevents an empty password field to be interpreted as "no authentication -# required". -# Set to "yes" to prevent for all accounts -# Set to "superuser" to prevent for UID 0 / root (default) -# Set to "no" to not prevent for any account (dangerous, historical default) - -PREVENT_NO_AUTH superuser - -# # Select the HMAC cryptography algorithm. # Used in pam_timestamp module to calculate the keyed-hash message # authentication code.