login.defs

LOGIN.DEFS(5)							LOGIN.DEFS(5)



NAME
       /etc/login.defs - shadow password suite configuration

DESCRIPTION
       The  /etc/login.defs  file defines the site-specific configuration for
       the shadow password suite.  This file is required.   Absence  of	 this
       file  will  not	prevent system operation, but will probably result in
       undesirable operation.

       This file is a readable text file, each line of	the  file  describing
       one  configuration  parameter.	The  lines consist of a configuration
       name and value, separated by  whitespace.   Blank  lines	 and  comment
       lines  are ignored.  Comments are introduced with a ‘#’ pound sign and
       the pound sign must be the first non-white character of the line.

       Parameter values may be of four types: strings, booleans, numbers,
       and long numbers.  A string is comprised of any printable characters.
       A boolean should be either the value "yes" or "no".  An undefined
       boolean parameter or one with a value other than these will be given a
       "no" value.  Numbers (both regular and long) may be either decimal
       values, octal values (precede the value with "0") or hexadecimal
       values (precede the value with "0x").  The maximum value of the
       regular and long numeric parameters is machine-dependent.

       The following configuration items are provided:

       CHFN_AUTH (boolean)
	      If  yes, the chfn and chsh programs will require authentication
	      before making any changes, unless run by the superuser.

       CHFN_RESTRICT (string)
	      This parameter specifies which values in the gecos field of the
	      passwd file may be changed by regular users using the chfn
	      program.  It can be any combination of letters f, r, w, h, for
	      Full name, Room number, Work phone, and Home phone,
	      respectively.  For backward compatibility, "yes" is equivalent
	      to "rwh" and "no" is equivalent to "frwh".  If not specified,
	      only the superuser can make any changes.  The most restrictive
	      setting is better achieved by not installing chfn SUID.

       CREATE_HOME (boolean)
	      This defines whether useradd should create home directories for
	      users by default.	 This option is OR’ed with  the	 -m  flag  on
	      useradd command line.

       GID_MAX (number)

       GID_MIN (number)
	      Range  of group IDs to choose from for the useradd and groupadd
	      programs.

       MAIL_DIR (string)
	      The mail spool directory.	 This is  needed  to  manipulate  the
	      mailbox  when  its  corresponding	 user  account is modified or
	      deleted.	If not specified, a compile-time default is used.

       PASS_MAX_DAYS (number)
	      The maximum number of days a password  may  be  used.   If  the
	      password	is older than this, a password change will be forced.
	      If not specified,	 -1  will  be  assumed	(which	disables  the
	      restriction).

       PASS_MIN_DAYS (number)
	      The  minimum  number  of days allowed between password changes.
	      Any  password  changes  attempted	 sooner	 than  this  will  be
	      rejected.	 If not specified, -1 will be assumed (which disables
	      the restriction).

       PASS_WARN_AGE (number)
	      The number of days warning given before a password expires.   A
	      zero  means warning is given only upon the day of expiration, a
	      negative value means no warning is given.	 If not specified, no
	      warning will be provided.

       PASS_MAX_DAYS,  PASS_MIN_DAYS  and  PASS_WARN_AGE are only used at the
       time of account creation.  Any changes to these settings won’t  affect
       existing accounts.

       UID_MAX (number)

       UID_MIN (number)
	      Range of user IDs to choose from for the useradd program.

       UMASK (number)
	      The permission mask is initialized to this value.  If not
	      specified, the permission mask will be initialized to 077.

       USERDEL_CMD (string)
	      If defined, this command is  run	when  removing	a  user.   It
	      should  remove any at/cron/print jobs etc. owned by the user to
	      be removed (passed as the first argument).
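
       The file format and the documented defaults above, worked through as
       an added example (not code from the shadow suite): a parser for the
       parameters listed on this page plus a check of the account-creation
       defaults.  The sample file, the audit() helper and its thresholds
       (max_days, required_umask) are assumptions chosen for illustration.

```python
# Parameter types and unset defaults as documented on this page.
BOOLEANS = {"CHFN_AUTH", "CREATE_HOME"}
NUMBERS = {"GID_MAX", "GID_MIN", "PASS_MAX_DAYS", "PASS_MIN_DAYS",
           "PASS_WARN_AGE", "UID_MAX", "UID_MIN", "UMASK"}
DEFAULTS = {"PASS_MAX_DAYS": -1, "PASS_MIN_DAYS": -1, "UMASK": 0o077}

# Constructed sample file, not taken from a real host.
SAMPLE = """\
# password aging
   # an indented comment is still a comment
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
UMASK           022
UID_MIN         0x3e8
CHFN_AUTH       maybe
"""

def parse_number(text):
    """Decimal, octal (leading 0) or hexadecimal (leading 0x)."""
    sign, digits = (-1, text[1:]) if text.startswith("-") else (1, text)
    base = 16 if digits[:2].lower() == "0x" else 8 if digits[:1] == "0" else 10
    return sign * int(digits, base)

def parse_login_defs(text):
    """Return {name: typed value}, starting from the documented defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line, or '#' is the first non-white character
        name, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if name in BOOLEANS:
            conf[name] = value == "yes"  # any other value is treated as no
        elif name in NUMBERS:
            conf[name] = parse_number(value)
        else:
            conf[name] = value
    return conf

def audit(conf, max_days=90, required_umask=0o027):
    """Names of weak settings; both thresholds are assumed policy values."""
    findings = []
    if not 0 <= conf["PASS_MAX_DAYS"] <= max_days:
        findings.append("PASS_MAX_DAYS")  # negative disables expiry
    if (conf["UMASK"] & required_umask) != required_umask:
        findings.append("UMASK")  # mask leaves group-write or other bits open
    if not conf.get("CHFN_AUTH", False):
        findings.append("CHFN_AUTH")  # undefined boolean counts as no
    return findings
```

       Because the PASS_* values apply only at account creation, a clean
       result here says nothing about existing accounts; their aging fields
       live in shadow(5).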

CROSS REFERENCE
       The following cross reference shows which programs in the shadow
       password suite use which parameters.

       chfn	   CHFN_AUTH CHFN_RESTRICT

       chsh	   CHFN_AUTH

       groupadd	   GID_MAX GID_MIN

       newusers	   PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UMASK

       pwconv	   PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE

       useradd	   CREATE_HOME GID_MAX GID_MIN PASS_MAX_DAYS PASS_MIN_DAYS
		   PASS_WARN_AGE UID_MAX UID_MIN UMASK

       userdel	   MAIL_DIR USERDEL_CMD

       usermod	   MAIL_DIR

BUGS
       Much of the functionality that used to be provided by the shadow
       password suite is now handled by PAM.  Thus, /etc/login.defs is no
       longer used by programs such as login(1), passwd(1) and su(1).
       Please refer to the corresponding PAM configuration files instead.

SEE ALSO
       login(1), passwd(1), su(1), passwd(5), shadow(5), pam(8)

AUTHORS
       Julianne Frances Haugh (jockgrrl@ix.netcom.com)
       Chip Rosenthal (chip@unicom.com)


