diff options
Diffstat (limited to 'modules/pam_unix/pam_unix.8')
| -rw-r--r-- | modules/pam_unix/pam_unix.8 | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 index b3808f1a..b396b66c 100644 --- a/modules/pam_unix/pam_unix.8 +++ b/modules/pam_unix/pam_unix.8 @@ -1,13 +1,13 @@ '\" t .\" Title: pam_unix .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/18/2017 +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 06/08/2020 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_UNIX" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_UNIX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -95,6 +95,15 @@ The default action of this module is to not permit the user access to a service argument overrides this default\&. .RE .PP +\fBnullresetok\fR +.RS 4 +Allow users to authenticate with blank password if password reset is enforced even if +\fBnullok\fR +is not set\&. If password reset is not required and +\fBnullok\fR +is not set the authentication with blank password will be denied\&. +.RE +.PP \fBtry_first_pass\fR .RS 4 Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&. @@ -159,28 +168,42 @@ When a user changes their password next, encrypt it with the DEC C2 algorithm\&. .PP \fBsha256\fR .RS 4 -When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the +When a user changes their password next, encrypt it with the SHA256 algorithm\&. The SHA256 algorithm must be supported by the \fBcrypt\fR(3) -function, fall back to MD5\&. +function\&. .RE .PP \fBsha512\fR .RS 4 -When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the +When a user changes their password next, encrypt it with the SHA512 algorithm\&. The SHA512 algorithm must be supported by the \fBcrypt\fR(3) -function, fall back to MD5\&. +function\&. .RE .PP \fBblowfish\fR .RS 4 -When a user changes their password next, encrypt it with the blowfish algorithm\&. If the blowfish algorithm is not known to the +When a user changes their password next, encrypt it with the blowfish algorithm\&. The blowfish algorithm must be supported by the +\fBcrypt\fR(3) +function\&. +.RE +.PP +\fBgost_yescrypt\fR +.RS 4 +When a user changes their password next, encrypt it with the gost\-yescrypt algorithm\&. The gost\-yescrypt algorithm must be supported by the +\fBcrypt\fR(3) +function\&. +.RE +.PP +\fByescrypt\fR +.RS 4 +When a user changes their password next, encrypt it with the yescrypt algorithm\&. The yescrypt algorithm must be supported by the \fBcrypt\fR(3) -function, fall back to MD5\&. +function\&. .RE .PP \fBrounds=\fR\fB\fIn\fR\fR .RS 4 -Set the optional number of rounds of the SHA256, SHA512 and blowfish password hashing algorithms to +Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to \fIn\fR\&. .RE .PP @@ -243,7 +266,7 @@ account required pam_unix\&.so # Change the user\*(Aqs password, but at first check the strength # with pam_cracklib(8) password required pam_cracklib\&.so retry=3 minlen=6 difok=3 -password required pam_unix\&.so use_authtok nullok md5 +password required pam_unix\&.so use_authtok nullok yescrypt session required pam_unix\&.so .fi |