Date:      Mon, 24 Feb 2003 14:37:18 -0800
From:      David Schultz <das@FreeBSD.ORG>
To:        doc@FreeBSD.ORG
Subject:   removing unimplemented options from login.conf.5
Message-ID:  <20030224223718.GB9747@HAL9000.homeunix.com>

This has been a thorn in my side for some time now.  A large chunk
of the options listed in the login.conf(5) manpage are poorly
documented, and aren't even supported in the base system.  My
original intent was to add a sentence saying that some of them are
supported in ports, but referring to ports from a system manpage
is kludgy, and I could only find one option supported in ports
anyway.  So my new plan is to simply nix from login.conf(5) all of
the options that don't work.  What do people think of the
following patch (which has some other stuff in it as well)?


- Document the fact that we now use pam_passwdqc(8) to check
  password quality, not login.conf(5).
- Move warnexpire and warnpasswd from the ``Accounting Limits''
  section to ``Authentication'', and nix everything else in the
  former section.  The accounting knobs are not available in
  the base system, and the subset of them available in ports
  should be documented in the ports' manpages.

Index: login.conf.5
===================================================================
RCS file: /cvs/src/lib/libutil/login.conf.5,v
retrieving revision 1.44
diff -u -u -r1.44 login.conf.5
--- login.conf.5	2002/11/22 22:22:10	1.44
+++ login.conf.5	2003/02/24 13:07:45
@@ -39,6 +39,8 @@
 environment and to enforce policy, accounting and administrative restrictions.
 It also provides the means by which users are able to be
 authenticated to the system and the types of authentication available.
+Attributes in addition to the ones described here are available with
+third-party packages.
 .Pp
 A special record "default" in the system user class capability database
 .Pa /etc/login.conf
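Review bot: The sentence added after "types of authentication available." tells the reader that further attributes exist but not where to look them up. Since the stated goal is that such attributes be documented in the ports' own manpages, say so here, for example "... are available with third-party packages and are documented in those packages' manual pages."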
@@ -205,7 +207,7 @@
 .It "welcome	file	/etc/motd	File containing welcome message.
 .El
 .Sh AUTHENTICATION
-.Bl -column minpasswordlen indent indent
+.Bl -column passwd_prompt indent indent
 .It Sy "Name	Type	Notes	Description
 .\" .It "approve	program 	Program to approve login.
 .It "copyright	file		File containing additional copyright information
@@ -215,11 +217,6 @@
 in the class may not access.
 .It "login_prompt	string		The login prompt given by
 .Xr login 1
-.It "minpasswordlen	number	6	The minimum length a local password
-may be.
-.It "mixpasswordcase	bool	true	Whether
-.Xr passwd 1
-will warn the user if an all lower case password is entered.
 .It "passwd_format	string	md5	The encryption format that new or
 changed passwords will use.
 Valid values include "des", "md5" and "blf".
@@ -236,6 +233,8 @@
 in the class may use for access.
 .It "ttys.deny	list		List of ttys and ttygroups which users
 in the class may not use for access.
+.It "warnexpire	time		Advance notice for pending account expiry.
+.It "warnpassword	time		Advance notice for pending password expiry.
 .\".It "widepasswords	bool	false	Use the wide password format. The wide password
 .\" format allows up to 128 significant characters in the password.
 .El
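Review bot: The two rows added after ttys.deny are named warnexpire and warnpassword, but the change description above refers to the second one as warnpasswd. The rows match the ones removed from ACCOUNTING LIMITS, so the description is what needs correcting before this is committed.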
@@ -324,60 +323,17 @@
 devices in the group.
 If both lists are given and are non-empty, the user is restricted to those
 devices allowed by ttys.allow that are not available by ttys.deny.
-.Sh ACCOUNTING LIMITS
-.Bl -column host.accounted indent indent
-.It Sy "Name	Type	Notes	Description
-.It "accounted	bool	false	Enable session time accounting for all users
-in this class.
-.It "autodelete	time		Time after expiry when account is auto-deleted.
-.It "bootfull	bool	false	Enable 'boot only if ttygroup is full' strategy
-when terminating sessions.
-.It "daytime	time		Maximum login time per day.
-.It "expireperiod	time		Time for expiry allocation.
-.It "graceexpire 	time		Grace days for expired account.
-.It "gracetime	time		Additional grace login time allowed.
-.It "host.accounted	list		List of remote host wildcards from which
-login sessions will be accounted.
-.It "host.exempt 	list		List of remote host wildcards from which
-login session accounting is exempted.
-.It "idletime	time		Maximum idle time before logout.
-.It "monthtime 	time		Maximum login time per month.
-.It "passwordtime	time		Used by
-.Xr passwd 1
-to set next password expiry date.
-.It "refreshtime 	time		New time allowed on account refresh.
-.It "refreshperiod	str		How often account time is refreshed.
-.It "sessiontime 	time		Maximum login time per session.
-.It "sessionlimit	number		Maximum number of concurrent
-login sessions on ttys in any group.
-.It "ttys.accounted	list		List of ttys and ttygroups for which
-login accounting is active.
-.It "ttys.exempt	list		List of ttys and ttygroups for which login accounting
-is exempt.
-.It "warnexpire	time		Advance notice for pending account expiry.
-.It "warnpassword	time		Advance notice for pending password expiry.
-.It "warntime	time		Advance notice for pending out-of-time.
-.It "weektime	time		Maximum login time per week.
-.El
-.Pp
-These fields are used by the time accounting system, which regulates,
-controls and records user login access.
 .Pp
 The
-.Em ttys.accounted
-and
-.Em ttys.exempt
-fields operate in a similar manner to
-.Em ttys.allow
+.Em minpasswordlen
 and
-.Em ttys.deny
-as explained
-above.
-Similarly with the
-.Em host.accounted
-and
-.Em host.exempt
-lists.
+.Em minpasswordcase
+facilities for enforcing restrictions on password quality, which used
+to be supported by
+.Nm ,
+have been superseded by the
+.Xr pam_passwdqc 8
+PAM module.
 .Sh SEE ALSO
 .Xr cap_mkdb 1 ,
 .Xr login 1 ,
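Review bot: The replacement paragraph spells the second attribute minpasswordcase, while the row this patch removes from the AUTHENTICATION list is mixpasswordcase; use the original name so that someone searching for the old knob finds this note. The paragraph also ends up directly after the ttys.allow/ttys.deny explanation, because the ACCOUNTING LIMITS heading that used to start a new section there is removed, so a note about password quality sits in the tty discussion. Consider moving it next to the AUTHENTICATION list, near passwd_format.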
@@ -385,5 +341,7 @@
 .Xr getttyent 3 ,
 .Xr login_cap 3 ,
 .Xr login_class 3 ,
+.Xr pam 3 ,
 .Xr passwd 5 ,
-.Xr ttys 5
+.Xr ttys 5 ,
+.Xr pam_passwdqc 8

----- End forwarded message -----
