diff options
| author | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 15:18:49 +0100 |
|---|---|---|
| committer | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 15:18:49 +0100 |
| commit | 749c1780621163ca5108f164861324bafa9e0ae8 (patch) | |
| tree | 51001872624a692018c45bf39276df94b603fb19 /etc | |
| parent | d906ecd3b652d95af6ffb974a2f6669501bb9496 (diff) | |
| download | shadow-749c1780621163ca5108f164861324bafa9e0ae8.tar.gz | |
New upstream version 4.9upstream/4.9
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/Makefile.am | 3 | ||||
| -rw-r--r-- | etc/Makefile.in | 36 | ||||
| -rw-r--r-- | etc/login.defs | 53 | ||||
| -rw-r--r-- | etc/pam.d/Makefile.in | 30 | ||||
| -rw-r--r-- | etc/useradd | 8 |
5 files changed, 90 insertions, 40 deletions
diff --git a/etc/Makefile.am b/etc/Makefile.am index cc31c609..c5c0620b 100644 --- a/etc/Makefile.am +++ b/etc/Makefile.am @@ -4,8 +4,7 @@ sysconf_DATA = login.defs defaultdir = $(sysconfdir)/default -default_DATA = \ - useradd +default_DATA = nonpam_files = \ limits \ diff --git a/etc/Makefile.in b/etc/Makefile.in index 58ec0cce..464eee9b 100644 --- a/etc/Makefile.in +++ b/etc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -93,8 +93,14 @@ build_triplet = @build@ host_triplet = @host@ subdir = etc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -166,7 +172,7 @@ am__recursive_targets = \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir distdir-am + distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -240,7 +246,6 @@ ECONF_CPPFLAGS = @ECONF_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ -GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -269,9 +274,14 @@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBSEMANAGE = @LIBSEMANAGE@ LIBSKEY = @LIBSKEY@ +LIBSUBID_ABI = @LIBSUBID_ABI@ +LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@ +LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@ +LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@ LIBTCB = @LIBTCB@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ +LIYESCRYPT = @LIYESCRYPT@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ @@ -309,7 +319,6 @@ VENDORDIR = @VENDORDIR@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ -XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ @@ -371,9 +380,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ sysconf_DATA = login.defs defaultdir = $(sysconfdir)/default -default_DATA = \ - useradd - +default_DATA = nonpam_files = \ limits \ login.access @@ -406,8 +413,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -587,10 +594,7 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) +distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ diff --git a/etc/login.defs b/etc/login.defs index a2f8cd50..94a2b1bc 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -295,7 +295,7 @@ CHFN_AUTH yes # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. # For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# +# CHFN_RESTRICT rwh # @@ -326,7 +326,9 @@ CHFN_RESTRICT rwh # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password +# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password # If set to DES, DES-based algorithm will be used for encrypting password (default) +# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations. # Overrides the MD5_CRYPT_ENAB option # # Note: If you use PAM, it is recommended to use a value consistent with @@ -342,7 +344,8 @@ CHFN_RESTRICT rwh # However, more CPU resources will be needed to authenticate users if # this value is increased. # -# If not specified, the libc will choose the default number of rounds (5000). +# If not specified, the libc will choose the default number of rounds (5000), +# which is orders of magnitude too low for modern hardware. # The values must be within the 1000-999999999 range. # If only one of the MIN or MAX values is set, then this value will be used. # If MIN > MAX, the highest value will be used. @@ -366,6 +369,19 @@ CHFN_RESTRICT rwh #BCRYPT_MAX_ROUNDS 13 # +# Only works if ENCRYPT_METHOD is set to YESCRYPT. +# +# Define the YESCRYPT cost factor. +# With a higher cost factor, it is more difficult to brute-force the password. +# However, more CPU time and more memory will be needed to authenticate users +# if this value is increased. +# +# If not specified, a cost factor of 5 will be used. +# The value must be within the 1-11 range. +# +#YESCRYPT_COST_FACTOR 5 + +# # List of groups to add to the user's supplementary group set # when logging in from the console (as determined by the CONSOLE # setting). Default is none. @@ -383,6 +399,14 @@ CHFN_RESTRICT rwh DEFAULT_HOME yes # +# The pwck(8) utility emits a warning for any system account with a home +# directory that does not exist. Some system accounts intentionally do +# not have a home directory. Such accounts may have this string as +# their home directory in /etc/passwd to avoid a spurious warning. +# +NONEXISTENT /nonexistent + +# # If this file exists and is readable, login environment will be # read from it. Every line should be in the form name=value. # @@ -428,3 +452,28 @@ USERGROUPS_ENAB yes # missing. # #FORCE_SHADOW yes + +# +# Allow newuidmap and newgidmap when running under an alternative +# primary group. +# +#GRANT_AUX_GROUP_SUBIDS yes + +# +# Prevents an empty password field to be interpreted as "no authentication +# required". +# Set to "yes" to prevent for all accounts +# Set to "superuser" to prevent for UID 0 / root (default) +# Set to "no" to not prevent for any account (dangerous, historical default) + +PREVENT_NO_AUTH superuser + +# +# Select the HMAC cryptography algorithm. +# Used in pam_timestamp module to calculate the keyed-hash message +# authentication code. +# +# Note: It is recommended to check hmac(3) to see the possible algorithms +# that are available in your system. +# +#HMAC_CRYPTO_ALGO SHA512 diff --git a/etc/pam.d/Makefile.in b/etc/pam.d/Makefile.in index fcb4e864..c0dc38b0 100644 --- a/etc/pam.d/Makefile.in +++ b/etc/pam.d/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -95,8 +95,14 @@ host_triplet = @host@ @WITH_SU_TRUE@am__append_2 = su subdir = etc/pam.d ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -181,7 +187,6 @@ ECONF_CPPFLAGS = @ECONF_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ -GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -210,9 +215,14 @@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBSEMANAGE = @LIBSEMANAGE@ LIBSKEY = @LIBSKEY@ +LIBSUBID_ABI = @LIBSUBID_ABI@ +LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@ +LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@ +LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@ LIBTCB = @LIBTCB@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ +LIYESCRYPT = @LIYESCRYPT@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ @@ -250,7 +260,6 @@ VENDORDIR = @VENDORDIR@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ -XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ @@ -346,8 +355,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -392,10 +401,7 @@ ctags CTAGS: cscope cscopelist: -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) +distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ diff --git a/etc/useradd b/etc/useradd deleted file mode 100644 index b77dd856..00000000 --- a/etc/useradd +++ /dev/null @@ -1,8 +0,0 @@ -# useradd defaults file -GROUP=1000 -HOME=/home -INACTIVE=-1 -EXPIRE= -SHELL=/bin/bash -SKEL=/etc/skel -CREATE_MAIL_SPOOL=yes |