Merge upstream version 1.4.0

1 files changed, 34 insertions, 11 deletions

diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
index b3808f1a..b396b66c 100644
--- a/modules/pam_unix/pam_unix.8
+++ b/modules/pam_unix/pam_unix.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_unix
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_UNIX" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_UNIX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -95,6 +95,15 @@ The default action of this module is to not permit the user access to a service
 argument overrides this default\&.
 .RE
 .PP
+\fBnullresetok\fR
+.RS 4
+Allow users to authenticate with blank password if password reset is enforced even if
+\fBnullok\fR
+is not set\&. If password reset is not required and
+\fBnullok\fR
+is not set the authentication with blank password will be denied\&.
+.RE
+.PP
 \fBtry_first_pass\fR
 .RS 4
 Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&.
@@ -159,28 +168,42 @@ When a user changes their password next, encrypt it with the DEC C2 algorithm\&.
 .PP
 \fBsha256\fR
 .RS 4
-When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the
+When a user changes their password next, encrypt it with the SHA256 algorithm\&. The SHA256 algorithm must be supported by the
 \fBcrypt\fR(3)
-function, fall back to MD5\&.
+function\&.
 .RE
 .PP
 \fBsha512\fR
 .RS 4
-When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the
+When a user changes their password next, encrypt it with the SHA512 algorithm\&. The SHA512 algorithm must be supported by the
 \fBcrypt\fR(3)
-function, fall back to MD5\&.
+function\&.
 .RE
 .PP
 \fBblowfish\fR
 .RS 4
-When a user changes their password next, encrypt it with the blowfish algorithm\&. If the blowfish algorithm is not known to the
+When a user changes their password next, encrypt it with the blowfish algorithm\&. The blowfish algorithm must be supported by the
+\fBcrypt\fR(3)
+function\&.
+.RE
+.PP
+\fBgost_yescrypt\fR
+.RS 4
+When a user changes their password next, encrypt it with the gost\-yescrypt algorithm\&. The gost\-yescrypt algorithm must be supported by the
+\fBcrypt\fR(3)
+function\&.
+.RE
+.PP
+\fByescrypt\fR
+.RS 4
+When a user changes their password next, encrypt it with the yescrypt algorithm\&. The yescrypt algorithm must be supported by the
 \fBcrypt\fR(3)
-function, fall back to MD5\&.
+function\&.
 .RE
 .PP
 \fBrounds=\fR\fB\fIn\fR\fR
 .RS 4
-Set the optional number of rounds of the SHA256, SHA512 and blowfish password hashing algorithms to
+Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to
 \fIn\fR\&.
 .RE
 .PP
@@ -243,7 +266,7 @@ account    required   pam_unix\&.so
 # Change the user\*(Aqs password, but at first check the strength
 # with pam_cracklib(8)
 password   required   pam_cracklib\&.so retry=3 minlen=6 difok=3
-password   required   pam_unix\&.so use_authtok nullok md5
+password   required   pam_unix\&.so use_authtok nullok yescrypt
 session    required   pam_unix\&.so
       
 .fi