sourCEntral - mobile manpages

pdf

PWCONV

NOME

pwconv, pwunconv, grpconv, grpunconv − convertono a e da password e gruppi shadow.

SINOSSI

pwconv

pwunconv

grpconv

grpunconv

DESCRIZIONE

The pwconv command creates shadow from passwd and an optionally existing shadow.

The pwunconv command creates passwd from passwd and shadow and then removes shadow.

The grpconv command creates gshadow from group and an optionally existing gshadow.

The grpunconv command creates group from group and gshadow and then removes gshadow.

Questi quattro programmi agiscono tutti sui file normali e oscurati (shadow) delle password e dei gruppi: /etc/passwd, /etc/group, /etc/shadow e /etc/gshadow.

Ciascun programma, prima della conversione, acquisisce i lock necessari. pwconv e grpconv sono simili. Per prima cosa vengono rimosse le voci nel file oscurato che non esistono nel file principale. Quindi vengono aggiornate le voci oscurate che non hanno ‘x´ come password nel file principale. Vengono aggiunte le eventuali voci oscurate mancanti. Infine, le password nel file principale vengono sostituite con ‘x´. Questi programmi possono essere usati per le conversioni iniziali così come per aggiornare il file oscurato se il file principale viene editato a mano.

pwconv will use the values of PASS_MIN_DAYS, PASS_MAX_DAYS, and PASS_WARN_AGE from /etc/login.defs when adding new entries to /etc/shadow.

Analogamente, pwunconv e grpunconv sono simili. Le password nel file principale vengono aggiornate dal file oscurato. Voci che esistono nel file principale ma non nel file oscurato vengono lasciate stare. Infine, viene rimosso il file oscurato.Alcune informazioni sull´invecchiamento delle password vengono perse da pwunconv. Convertirà solo quello che potrà.

PROBLEMI

Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways. Please run pwck and grpck to correct any such errors before converting to or from shadow passwords or groups.

CONFIGURATION

The following configuration variable in /etc/login.defs changes the behavior of grpconv and grpunconv:

MAX_MEMBERS_PER_GROUP (number)

Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID).

The default value is 0, meaning that there are no limits in the number of members in a group.

This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters.

If you need to enforce such limit, you can use 25.

Note: split groups may not be supported by all tools (even in the Shadow toolsuite. You should not use this variable unless you really need it.

The following configuration variables in /etc/login.defs change the behavior of pwconv:

PASS_MAX_DAYS (number)

The maximum number of days a password may be used. If the password is older than this, a password change will be forced. If not specified, −1 will be assumed (which disables the restriction).

PASS_MIN_DAYS (number)

The minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected. If not specified, −1 will be assumed (which disables the restriction).

PASS_WARN_AGE (number)

The number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.

FILE

/etc/login.defs

Shadow password suite configuration.

VEDERE ANCHE

grpck(8), login.defs(5), pwck(8).

pdf