PASSWD.CONF(5) BSD Reference Manual PASSWD.CONF(5)
passwd.conf - format of the password configuration file
This configuration file is made obsolete by login.conf(5). Support for
the passwd.conf file will be removed in a future release of OpenBSD.
The /etc/passwd.conf file, consisting of "stanzas", describes the confi-
guration of the password cipher used to encrypt local or YP passwords.
There are default, user and group specific stanzas. If no user or group
stanza to a specific option is available, the default stanza is used.
To differentiate between user and group stanzas, groups are prefixed with
a colon (':').
Some fields and their possible values that can appear in this file are:
localcipher The cipher to use for local passwords. Possible values are:
"old", "newsalt,<rounds>", "md5", and "blowfish,<rounds>".
For "newsalt" the value of rounds is a 24-bit integer with a
minimum of 7250 rounds. For "blowfish" the value can be
between 4 and 31. It specifies the base 2 logarithm of the
number of rounds.
ypcipher The cipher to use for YP passwords. The possible values are
the same as for localcipher.
pwdcheck An external program that checks the quality of the password.
The password is passed to the program on stdin. An exit code
of 0 indicates that the quality of the password is suffi-
cient, an exit code of 1 signals that the password failed
the check.
pwdtries The number of times passwd(1) enforces a check on the pass-
word. If it is 0, the new password will only be accepted if
it passes the password quality check. The default is 3.
To retrieve information from this file use pw_getconf(3).
/etc/passwd.conf
Use blowfish as the local cipher; add some more rounds for root and wheel
members. The old Unix crypt is used as YP cipher:
default:
localcipher = blowfish,4
ypcipher = old
root:
localcipher = blowfish,7
:wheel:
localcipher = blowfish,5
passwd(1), pw_getconf(3), passwd(5)
The /etc/passwd.conf file appeared in OpenBSD 2.1 and was deprecated in
OpenBSD 3.0.
MirBSD #10-current September 3, 2001 1