Include YESCRYPT options in shipped login.defs

Closes: #991914

1 files changed, 14 insertions, 0 deletions

diff --git a/debian/login.defs b/debian/login.defs
index 824cbaf1..cf0f66b1 100644
--- a/debian/login.defs
+++ b/debian/login.defs
@@ -269,6 +269,7 @@ USERGROUPS_ENAB yes
 # If set to MD5 , MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
 # Overrides the MD5_CRYPT_ENAB option
 #
@@ -294,6 +295,19 @@ ENCRYPT_METHOD SHA512
 # SHA_CRYPT_MAX_ROUNDS 5000
 
 #
+# Only works if ENCRYPT_METHOD is set to YESCRYPT.
+#
+# Define the YESCRYPT cost factor.
+# With a higher cost factor, it is more difficult to brute-force the password.
+# However, more CPU time and more memory will be needed to authenticate users
+# if this value is increased.
+#
+# If not specified, a cost factor of 5 will be used.
+# The value must be within the 1-11 range.
+#
+#YESCRYPT_COST_FACTOR 5
+
+#
 # The pwck(8) utility emits a warning for any system account with a home
 # directory that does not exist.  Some system accounts intentionally do
 # not have a home directory.  Such accounts may have this string as