man/man5/passwd.conf.5

.\"	$NetBSD: passwd.conf.5,v 1.13 2021/10/26 20:44:45 nia Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"      This product includes software developed by Niels Provos.
.\" 4. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd October 26, 2021
.Dt PASSWD.CONF 5
.Os
.Sh NAME
.Nm passwd.conf
.Nd password encryption configuration file
.Sh SYNOPSIS
.Nm
.Sh DESCRIPTION
The
.Pa /etc/passwd.conf
file, consisting of
.Dq stanzas ,
describes the configuration of the password cipher used
to encrypt local or YP passwords.
.Pp
There are default, user and group specific stanzas.
If no user or group
stanza to a specific option is available, the default stanza
is used.
.Pp
To differentiate between user and group stanzas, groups are prefixed
with a single colon
.Pq Sq \&: .
.Pp
Some fields and their possible values that can appear in this file are:
.Bl -tag -width localcipher
.It Sy localcipher
The cipher to use for local passwords.
.Pp
Possible values are:
.Dq argon2d,<t=X,m=Y,p=Z> ,
.Dq argon2i,<t=X,m=Y,p=Z> ,
.Dq argon2id,<t=X,m=Y,p=Z> ,
.Dq old ,
.Dq newsalt,<rounds> ,
.Dq md5 ,
.Dq sha1,<rounds> ,
and
.Dq blowfish,<rounds> .
.Pp
For
.Dq argon2d ,
.Dq argon2i ,
and
.Dq argon2id ,
optional hardness parameters can be specified as described in the
manual for
.Xr pwhash 1 .
.Pp
For
.Dq newsalt
the value of rounds is a 24-bit integer with a minimum of 7250 rounds.
.Pp
For
.Dq sha1
the value of rounds is a 32-bit integer, 0 means use the default
of 24680.
.Pp
For
.Dq blowfish
the value can be between 4 and 31.
It specifies the base 2 logarithm of the number of rounds.
.Pp
If not specified, the default value is
.Dq old .
.It Sy ypcipher
The cipher to use for YP passwords.
.Pp
The possible values are the same as for localcipher.
.Pp
If not specified, the default value is
.Dq old .
.El
.Pp
To retrieve information from this file use
.Xr pw_getconf 3 .
.Sh FILES
.Bl -tag -width /etc/passwd.conf -compact
.It Pa /etc/passwd.conf
.El
.Sh EXAMPLES
Use SHA1 as the local cipher and old-style DES as the YP cipher.
Use blowfish with 2^5 rounds for root:
.Bd -literal
 default:
      localcipher = sha1
      ypcipher = old

 root:
      localcipher = blowfish,5
.Ed
.Sh SEE ALSO
.Xr passwd 1 ,
.Xr pwhash 1 ,
.Xr pw_getconf 3 ,
.Xr passwd 5
.Sh HISTORY
The
.Nm
configuration file first appeared in
.Nx 1.6 .
.Pp
The default value of
.Sy localcipher
was set to
.Dq sha1
in
.Pa /etc/passwd.conf
starting from
.Nx 6.0 .
.Pp
The default value of
.Sy localcipher
was set to
.Dq argon2id
in
.Pa /etc/passwd.conf
starting from
.Nx 10.0 .