author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_unix/README | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_unix/README')
-rw-r--r-- | modules/pam_unix/README | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/modules/pam_unix/README b/modules/pam_unix/README index 651ed9c8..a87f34a5 100644 --- a/modules/pam_unix/README +++ b/modules/pam_unix/README @@ -69,6 +69,12 @@ nullok service if their official password is blank. The nullok argument overrides this default. +nullresetok + + Allow users to authenticate with blank password if password reset is + enforced even if nullok is not set. If password reset is not required and + nullok is not set the authentication with blank password will be denied. + try_first_pass Before prompting the user for their password, the module first tries the @@ -128,25 +134,35 @@ bigcrypt sha256 When a user changes their password next, encrypt it with the SHA256 - algorithm. If the SHA256 algorithm is not known to the crypt(3) function, - fall back to MD5. + algorithm. The SHA256 algorithm must be supported by the crypt(3) function. sha512 When a user changes their password next, encrypt it with the SHA512 - algorithm. If the SHA512 algorithm is not known to the crypt(3) function, - fall back to MD5. + algorithm. The SHA512 algorithm must be supported by the crypt(3) function. blowfish When a user changes their password next, encrypt it with the blowfish - algorithm. If the blowfish algorithm is not known to the crypt(3) function, - fall back to MD5. + algorithm. The blowfish algorithm must be supported by the crypt(3) + function. + +gost_yescrypt + + When a user changes their password next, encrypt it with the gost-yescrypt + algorithm. The gost-yescrypt algorithm must be supported by the crypt(3) + function. + +yescrypt + + When a user changes their password next, encrypt it with the yescrypt + algorithm. The yescrypt algorithm must be supported by the crypt(3) + function. rounds=n - Set the optional number of rounds of the SHA256, SHA512 and blowfish - password hashing algorithms to n. + Set the optional number of rounds of the SHA256, SHA512, blowfish, + gost-yescrypt, and yescrypt password hashing algorithms to n. broken_shadow 
@@ -180,7 +196,7 @@ account required pam_unix.so # Change the user's password, but at first check the strength # with pam_cracklib(8) password required pam_cracklib.so retry=3 minlen=6 difok=3 -password required pam_unix.so use_authtok nullok md5 +password required pam_unix.so use_authtok nullok yescrypt session required pam_unix.so |
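Review bot: In the first hunk (the new nullresetok entry), the text never defines when "password reset is enforced", so an administrator cannot tell which accounts this option opens to blank-password authentication. Suggest naming the exact condition the module checks, and adding a sentence that while that condition holds the account accepts a blank password from anyone who knows the account name, so the option should be limited to services where that first-login window is acceptable. The second sentence would also read more clearly as "If password reset is not required and nullok is not set, authentication with a blank password is denied."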
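Review bot: In the second hunk, the sha256, sha512 and blowfish entries drop the "fall back to MD5" sentence, but the replacement ("must be supported by the crypt(3) function") does not say what happens when the algorithm is not supported. Suggest stating the resulting behaviour explicitly (for example, that the password change fails) so readers coming from the old text do not assume a silent fallback still exists. Two smaller points in the same hunk: the option is spelled gost_yescrypt while the prose says gost-yescrypt, which deserves a word of explanation, and rounds=n now covers five algorithms without giving a valid range or default for any of them.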
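Review bot: In the last hunk, the example password line switches from md5 to yescrypt, yet the option text added earlier in this patch says yescrypt "must be supported by the crypt(3) function" and no longer promises a fallback. Suggest a comment line in the example noting that requirement, so the example is not copied verbatim onto a system whose crypt(3) lacks yescrypt. The changed line also keeps nullok; if that is intentional for the example, a short comment saying why would help.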