passwd.conf(5) - NetBSD Manual Pages

Command: Section: Arch: Collection:   
PASSWD.CONF(5)            NetBSD File Formats Manual            PASSWD.CONF(5)


NAME

     passwd.conf -- password encryption configuration file


SYNOPSIS

     passwd.conf


DESCRIPTION

     The /etc/passwd.conf file, consisting of ``stanzas'', describes the con-
     figuration of the password cipher used to encrypt local or YP passwords.

     There are default, user and group specific stanzas.  If no user or group
     stanza to a specific option is available, the default stanza is used.

     To differentiate between user and group stanzas, groups are prefixed with
     a single colon (`:').

     Some fields and their possible values that can appear in this file are:

     localcipher  The cipher to use for local passwords.

                  Possible values are: ``argon2d,<t=X,m=Y,p=Z>'',
                  ``argon2i,<t=X,m=Y,p=Z>'', ``argon2id,<t=X,m=Y,p=Z>'',
                  ``old'', ``newsalt,<rounds>'', ``md5'', ``sha1,<rounds>'',
                  and ``blowfish,<rounds>''.

                  For ``argon2d'', ``argon2i'', and ``argon2id'', optional
                  hardness parameters can be specified as described in the
                  manual for pwhash(1).

                  For ``newsalt'' the value of rounds is a 24-bit integer with
                  a minimum of 7250 rounds.

                  For ``sha1'' the value of rounds is a 32-bit integer, 0
                  means use the default of 24680.

                  For ``blowfish'' the value can be between 4 and 31.  It
                  specifies the base 2 logarithm of the number of rounds.

                  If not specified, the default value is ``old''.

     ypcipher     The cipher to use for YP passwords.

                  The possible values are the same as for localcipher.

                  If not specified, the default value is ``old''.

     To retrieve information from this file use pw_getconf(3).


FILES

     /etc/passwd.conf


EXAMPLES

     Use SHA1 as the local cipher and old-style DES as the YP cipher.  Use
     blowfish with 2^5 rounds for root:

      default:
           localcipher = sha1
           ypcipher = old

      root:
           localcipher = blowfish,5


SEE ALSO

     passwd(1), pwhash(1), pw_getconf(3), passwd(5)


HISTORY

     The passwd.conf configuration file first appeared in NetBSD 1.6.

     The default value of localcipher was set to ``sha1'' in /etc/passwd.conf
     starting from NetBSD 6.0.

     The default value of localcipher was set to ``argon2id'' in
     /etc/passwd.conf starting from NetBSD 10.0.

NetBSD 10.99                   October 26, 2021                   NetBSD 10.99
Powered by man-cgi (2021-06-01). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.