NAME
passwd.conf —
password encryption
configuration file
SYNOPSIS
DESCRIPTION
The
/etc/passwd.conf file, consisting of
“stanzas”, describes the configuration of the password cipher used
to encrypt local or YP passwords.
There are default, user and group specific stanzas. If no user or group stanza
to a specific option is available, the default stanza is used.
To differentiate between user and group stanzas, groups are prefixed with a
single colon (‘:’).
Some fields and their possible values that can appear in this file are:
-
-
- localcipher
- The cipher to use for local passwords.
Possible values are: “old”,
“newsalt,<rounds>”, “md5”,
“sha1,<rounds>”, and
“blowfish,<rounds>”. For “newsalt” the value
of rounds is a 24-bit integer with a minimum of 7250 rounds. For
“sha1” the value of rounds is a 32-bit integer, 0 means use
the default of 24680. For “blowfish” the value can be between
4 and 31. It specifies the base 2 logarithm of the number of rounds.
If not specified, the default value is “old”.
-
-
- ypcipher
- The cipher to use for YP passwords.
The possible values are the same as for localcipher.
If not specified, the default value is “old”.
To retrieve information from this file use
pw_getconf(3).
FILES
- /etc/passwd.conf
-
EXAMPLES
Use SHA1 as the local cipher and old-style DES as the YP cipher. Use blowfish
with 2^5 rounds for root:
default:
localcipher = sha1
ypcipher = old
root:
localcipher = blowfish,5
SEE ALSO
passwd(1),
pwhash(1),
pw_getconf(3),
passwd(5)
HISTORY
The
passwd.conf configuration file first appeared in
NetBSD 1.6.
The default value of
localcipher was set to “sha1”
in
/etc/passwd.conf starting from
NetBSD
6.0.