1.\" $NetBSD: passwd.conf.5,v 1.11 2017/07/03 21:30:59 wiz Exp $ 2.\" 3.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by Niels Provos. 17.\" 4. The name of the author may not be used to endorse or promote products 18.\" derived from this software without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30.\" 31.Dd December 3, 2010 32.Dt PASSWD.CONF 5 33.Os 34.Sh NAME 35.Nm passwd.conf 36.Nd password encryption configuration file 37.Sh SYNOPSIS 38.Nm 39.Sh DESCRIPTION 40The 41.Pa /etc/passwd.conf 42file, consisting of 43.Dq stanzas , 44describes the configuration of the password cipher used 45to encrypt local or YP passwords. 46.Pp 47There are default, user and group specific stanzas. 48If no user or group 49stanza to a specific option is available, the default stanza 50is used. 51.Pp 52To differentiate between user and group stanzas, groups are prefixed 53with a single colon 54.Pq Sq \&: . 55.Pp 56Some fields and their possible values that can appear in this file are: 57.Bl -tag -width localcipher 58.It Sy localcipher 59The cipher to use for local passwords. 60.Pp 61Possible values are: 62.Dq old , 63.Dq newsalt,<rounds> , 64.Dq md5 , 65.Dq sha1,<rounds> , 66and 67.Dq blowfish,<rounds> . 68For 69.Dq newsalt 70the value of rounds is a 24-bit integer with a minimum of 7250 rounds. 71For 72.Dq sha1 73the value of rounds is a 32-bit integer, 0 means use the default 74of 24680. 75For 76.Dq blowfish 77the value can be between 4 and 31. 78It specifies the base 2 logarithm of the number of rounds. 79.Pp 80If not specified, the default value is 81.Dq old . 82.It Sy ypcipher 83The cipher to use for YP passwords. 84.Pp 85The possible values are the same as for localcipher. 86.Pp 87If not specified, the default value is 88.Dq old . 89.El 90.Pp 91To retrieve information from this file use 92.Xr pw_getconf 3 . 93.Sh FILES 94.Bl -tag -width /etc/passwd.conf -compact 95.It Pa /etc/passwd.conf 96.El 97.Sh EXAMPLES 98Use SHA1 as the local cipher and old-style DES as the YP cipher. 99Use blowfish with 2^5 rounds for root: 100.Bd -literal 101 default: 102 localcipher = sha1 103 ypcipher = old 104 105 root: 106 localcipher = blowfish,5 107.Ed 108.Sh SEE ALSO 109.Xr passwd 1 , 110.Xr pwhash 1 , 111.Xr pw_getconf 3 , 112.Xr passwd 5 113.Sh HISTORY 114The 115.Nm 116configuration file first appeared in 117.Nx 1.6 . 118.Pp 119The default value of 120.Sy localcipher 121was set to 122.Dq sha1 123in 124.Pa /etc/passwd.conf 125starting from 126.Nx 6.0 . 127