From 86554616985345f438e387520f076192e9277a34 Mon Sep 17 00:00:00 2001 From: Balint Reczey Date: Sun, 14 Nov 2021 12:31:13 +0100 Subject: [PATCH] Include YESCRYPT options in shipped login.defs Closes: #991914 --- debian/login.defs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/debian/login.defs b/debian/login.defs index 824cbaf1..cf0f66b1 100644 --- a/debian/login.defs +++ b/debian/login.defs @@ -269,6 +269,7 @@ USERGROUPS_ENAB yes # If set to MD5 , MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password # If set to DES, DES-based algorithm will be used for encrypting password (default) # Overrides the MD5_CRYPT_ENAB option # @@ -293,6 +294,19 @@ ENCRYPT_METHOD SHA512 # SHA_CRYPT_MIN_ROUNDS 5000 # SHA_CRYPT_MAX_ROUNDS 5000 +# +# Only works if ENCRYPT_METHOD is set to YESCRYPT. +# +# Define the YESCRYPT cost factor. +# With a higher cost factor, it is more difficult to brute-force the password. +# However, more CPU time and more memory will be needed to authenticate users +# if this value is increased. +# +# If not specified, a cost factor of 5 will be used. +# The value must be within the 1-11 range. +# +#YESCRYPT_COST_FACTOR 5 + # # The pwck(8) utility emits a warning for any system account with a home # directory that does not exist. Some system accounts intentionally do