logins.def

logins.def¶

The /etc/login.defs file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation.

Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the value yes or no. An undefined boolean parameter or one with a value other than these will be given a no value. Numbers (both regular and long) may be either decimal values, octal values (precede the value with 0) or hexadecimal values (precede the value with 0x). The maximum value of the regular and long numeric parameters is machine-dependent.

The following configurations are changed:¶

UMASK from 022 to 027

PASS_MAX_DAYS from 99999 to 365

PASS_MIN_DAYS from 0 to 1

PASS_MIN_LEN 10 activated

ENCRYPT_METHOD SHA512 to ENCRYPT_METHOD YESCRYPT

SHA_CRYPT_MIN_ROUNDS 100000 activated

SHA_CRYPT_MAX_ROUNDS 150000 activated

YESCRYPT_COST_FACTOR 10 activated