passwd.conf(5)

Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
PASSWD.CONF(5)                File Formats Manual               PASSWD.CONF(5)

NAME
     passwd.conf - password encryption configuration file

SYNOPSIS
     passwd.conf

DESCRIPTION
     The /etc/passwd.conf file, consisting of "stanzas", describes the
     configuration of the password cipher used to encrypt local or YP
     passwords.

     There are default, user and group specific stanzas.  If no user or group
     stanza to a specific option is available, the default stanza is used.

     To differentiate between user and group stanzas, groups are prefixed with
     a single colon (`:').

     Some fields and their possible values that can appear in this file are:

     localcipher  The cipher to use for local passwords.

                  Possible values are: "argon2d,<t=X,m=Y,p=Z>",
                  "argon2i,<t=X,m=Y,p=Z>", "argon2id,<t=X,m=Y,p=Z>", "old",
                  "newsalt,<rounds>", "md5", "sha1,<rounds>", and
                  "blowfish,<rounds>".

                  For "argon2d", "argon2i", and "argon2id", optional hardness
                  parameters can be specified as described in the manual for
                  pwhash(1).

                  For "newsalt" the value of rounds is a 24-bit integer with a
                  minimum of 7250 rounds.

                  For "sha1" the value of rounds is a 32-bit integer, 0 means
                  use the default of 24680.

                  For "blowfish" the value can be between 4 and 31.  It
                  specifies the base 2 logarithm of the number of rounds.

                  If not specified, the default value is "old".

     ypcipher     The cipher to use for YP passwords.

                  The possible values are the same as for localcipher.

                  If not specified, the default value is "old".

     To retrieve information from this file use pw_getconf(3).

FILES
     /etc/passwd.conf

EXAMPLES
     Use SHA1 as the local cipher and old-style DES as the YP cipher.  Use
     blowfish with 2^5 rounds for root:

      default:
           localcipher = sha1
           ypcipher = old

      root:
           localcipher = blowfish,5

SEE ALSO
     passwd(1), pwhash(1), pw_getconf(3), passwd(5)

HISTORY
     The passwd.conf configuration file first appeared in NetBSD 1.6.

     The default value of localcipher was set to "sha1" in /etc/passwd.conf
     starting from NetBSD 6.0.

     The default value of localcipher was set to "argon2id" in
     /etc/passwd.conf starting from NetBSD 10.0.

NetBSD 10.99                   October 26, 2021                   NetBSD 10.99