man page updates for passwd.conf

3 files changed, 87 insertions, 1 deletions

diff --git a/share/man/man5/Makefile b/share/man/man5/Makefile
index 55cdbda6f49..1c4a7b18594 100644
--- a/share/man/man5/Makefile
+++ b/share/man/man5/Makefile
@@ -5,7 +5,8 @@
 
 MAN=	a.out.5 acct.5 core.5 dir.5 disktab.5 ethers.5 fbtab.5 fs.5 \
 	fstab.5 group.5 \
-	hosts.5 link.5 motd.5 netgroup.5 networks.5 passwd.5 phones.5 \
+	hosts.5 link.5 motd.5 netgroup.5 networks.5 passwd.5 passwd.conf.5 \
+	phones.5 \
 	printcap.5 protocols.5 remote.5 resolv.conf.5 rpc.5 services.5 \
 	shells.5 stab.5 types.5 utmp.5
 MLINKS=	dir.5 dirent.5 fs.5 inode.5 utmp.5 wtmp.5 utmp.5 lastlog.5
diff --git a/share/man/man5/passwd.5 b/share/man/man5/passwd.5
index decd90ed770..5c7b2460dbe 100644
--- a/share/man/man5/passwd.5
+++ b/share/man/man5/passwd.5
@@ -101,6 +101,11 @@ machine.  This is almost invariably a mistake.
 Because these files contain the encrypted user passwords, they should
 not be readable by anyone without appropriate privileges.
 .Pp
+Which type of cipher is used to encrypt the password information
+depends on the configuration in
+.Xr passwd.conf 5 .
+It can be different for local and YP passwords.
+.Pp
 The group field is the group that the user will be placed in upon login.
 Since this system supports multiple groups (see
 .Xr groups 1 )
@@ -213,6 +218,7 @@ containing:
 .Xr chpass 1 ,
 .Xr login 1 ,
 .Xr passwd 1 ,
+.Xr passwd.conf 5 ,
 .Xr getpwent 3 ,
 .Xr netgroup 5 ,
 .Xr adduser 8 ,
diff --git a/share/man/man5/passwd.conf.5 b/share/man/man5/passwd.conf.5
new file mode 100644
index 00000000000..5ae0ee7e546
--- /dev/null
+++ b/share/man/man5/passwd.conf.5
@@ -0,0 +1,79 @@
+.\" $OpenBSD: passwd.conf.5,v 1.1 1997/02/25 18:17:10 provos Exp $
+.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"      This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.Dd February 24, 1997
+.Dt PASSWD.CONF 5
+.Os
+.Sh NAME
+.Nm passwd.conf
+.Nd format of the password configuration file
+.Sh DESCRIPTION
+The
+.Nm /etc/passwd.conf
+file describes the configuration of the password cipher used
+to encrypt local or YP passwords. The
+.Nm passwd.conf
+consists of stanzas. 
+.Pp
+There are default and user specific stanzas. If no user 
+stanza to a specific option is available the default stanza
+is used.
+.Pp
+Some of the fields  and  their possible values that can appear in
+this file are:
+.Pp
+.Bl -tag -width localcipher -offset indent
+.It localcipher
+The cipher to use for local passwords. Possible values are: 'old', 'newsalt'
+or 'blowfish,<rounds>' where rounds is a value between 4 and 31.
+.It ypcipher
+The cipher to use for YP passwords. The possible values are the same as
+for localcipher.
+.El
+.Pp
+To retrieve information from this file use
+.Xr pw_getconf 3 .
+.Pp
+.Sh EXAMPLE
+To use blowfish as local cipher but for root some more rounds and
+the old unix crypt as YP cipher:
+.Pp
+default:
+.Pp
+      localcipher = blowfish,4
+.Pp
+      ypcipher = old
+.Pp
+root:
+.Pp
+      localcipher = blowfish,7
+.Pp
+.Sh SEE ALSO
+.Xr passwd 1 ,
+.Xr passwd 5 ,
+.Xr pw_getconf 3