diff options
Diffstat (limited to 'modules/pam_unix/pam_unix.8.xml')
| -rw-r--r-- | modules/pam_unix/pam_unix.8.xml | 69 |
1 files changed, 54 insertions, 15 deletions
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 1b318f11..fa02c3a6 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -165,6 +165,19 @@ </varlistentry> <varlistentry> <term> + <option>nullresetok</option> + </term> + <listitem> + <para> + Allow users to authenticate with blank password if password reset + is enforced even if <option>nullok</option> is not set. If password + reset is not required and <option>nullok</option> is not set the + authentication with blank password will be denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <option>try_first_pass</option> </term> <listitem> @@ -293,11 +306,10 @@ <listitem> <para> When a user changes their password next, - encrypt it with the SHA256 algorithm. If the - SHA256 algorithm is not known to the <citerefentry> + encrypt it with the SHA256 algorithm. The + SHA256 algorithm must be supported by the <citerefentry> <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function, - fall back to MD5. + </citerefentry> function. </para> </listitem> </varlistentry> @@ -308,11 +320,10 @@ <listitem> <para> When a user changes their password next, - encrypt it with the SHA512 algorithm. If the - SHA512 algorithm is not known to the <citerefentry> + encrypt it with the SHA512 algorithm. The + SHA512 algorithm must be supported by the <citerefentry> <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function, - fall back to MD5. + </citerefentry> function. </para> </listitem> </varlistentry> @@ -323,11 +334,38 @@ <listitem> <para> When a user changes their password next, - encrypt it with the blowfish algorithm. If the - blowfish algorithm is not known to the <citerefentry> + encrypt it with the blowfish algorithm. The + blowfish algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> function. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>gost_yescrypt</option> + </term> + <listitem> + <para> + When a user changes their password next, + encrypt it with the gost-yescrypt algorithm. The + gost-yescrypt algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> function. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>yescrypt</option> + </term> + <listitem> + <para> + When a user changes their password next, + encrypt it with the yescrypt algorithm. The + yescrypt algorithm must be supported by the <citerefentry> <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function, - fall back to MD5. + </citerefentry> function. </para> </listitem> </varlistentry> @@ -337,8 +375,9 @@ </term> <listitem> <para> - Set the optional number of rounds of the SHA256, SHA512 - and blowfish password hashing algorithms to + Set the optional number of rounds of the SHA256, SHA512, + blowfish, gost-yescrypt, and yescrypt password hashing + algorithms to <replaceable>n</replaceable>. </para> </listitem> @@ -428,7 +467,7 @@ account required pam_unix.so # Change the user's password, but at first check the strength # with pam_cracklib(8) password required pam_cracklib.so retry=3 minlen=6 difok=3 -password required pam_unix.so use_authtok nullok md5 +password required pam_unix.so use_authtok nullok yescrypt session required pam_unix.so </programlisting> </para> |