| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
| <pkgmetadata> |
| <maintainer type="person"> |
| <email>zlogene@gentoo.org</email> |
| <name>Mikle Kolyada</name> |
| </maintainer> |
| <maintainer type="person"> |
| <email>sam@gentoo.org</email> |
| <name>Sam James</name> |
| </maintainer> |
| <use> |
| <flag name="elogind"> |
| Use pam_elogind module to register user sessions with elogind. |
| </flag> |
| <flag name="systemd"> |
| Use pam_systemd module to register user sessions in the systemd |
| control group hierarchy. |
| </flag> |
| <flag name="homed"> |
| Use pam_systemd_home module to manage home directories with |
| the systemd-homed service |
| </flag> |
| <flag name="debug"> |
| Enable debug information logging on syslog(3) for all the |
| modules supporting this in the system authentication and system |
| login stacks. |
| </flag> |
| <flag name="passwdqc"> |
| Enable pam_passwdqc module on system auth stack for password |
| quality validation. This module produces warnings, rejecting |
| or providing example passwords when changing your system password. |
| It is used by default by OpenWall GNU/*/Linux and by FreeBSD. |
| </flag> |
| <flag name="pwhistory"> |
| Enable pam_pwhistory module on system auth stack to save |
| the last passwords for each user in order to force password |
| change history and keep the user from alternating between |
| the same password too frequently. |
| </flag> |
| <flag name="pwquality"> |
| Enable pam_pwquality module on system auth stack for passwd |
| quality validation. It is used be dafault by Fedora GNU/*/Linux. |
| </flag> |
| <flag name="mktemp"> |
| Enable pam_mktemp module on system auth stack for session |
| handling. This module creates a private temporary directory for |
| the user, and sets TMP and TMPDIR accordingly. |
| </flag> |
| <flag name="pam_ssh"> |
| Enable pam_ssh module on system auth stack for authentication |
| and session handling. This module will accept as password the |
| passphrase of a private SSH key (one of ~/.ssh/id_rsa, |
| ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent |
| instance to cache the open key. |
| </flag> |
| <flag name="sha512"> |
| Switch Linux-PAM's pam_unix module to use sha512 for passwords |
| hashes rather than MD5. This option requires |
| <pkg>sys-libs/pam</pkg> version 1.0.1 built against |
| <pkg>sys-libs/glibc</pkg> version 2.7, if it's built against an |
| earlier version, it will silently be ignored, and MD5 hashes |
| will be used. All the passwords changed after this USE flag is |
| enabled will be saved to the shadow file hashed using SHA512 |
| function. The password previously saved will be left |
| untouched. Please note that while SHA512-hashed passwords will |
| still be recognised if the USE flag is removed, the shadow file |
| will not be compatible with systems using an earlier glibc |
| version. |
| </flag> |
| <flag name="pam_krb5"> |
| Enable pam_krb5 module on system auth stack, as an alternative |
| to pam_unix. If Kerberos authentication succeed, only pam_unix |
| will be ignore, and all the other modules will proceed as usual, |
| including Gnome Keyring and other session modules. It requires |
| <pkg>sys-libs/pam</pkg> as PAM implementation. |
| </flag> |
| <flag name="minimal"> |
| Disables the standard PAM modules that provide extra information |
| to users on login; this includes pam_lastlog, pam_motd, pam_mail |
| and other similar modules. This might not be a good idea on |
| a multi-user system but could reduce slightly the overhead on |
| single-user non-networked systems. |
| </flag> |
| <flag name="nullok"> |
| Enable the nullok option with the pam_unix module. This allows |
| people to login with blank passwords. |
| </flag> |
| <flag name="securetty"> |
| Enable pam_securetty module in the login stack. Not generally |
| relevant anymore as the login stack only refers to local logins |
| and local terminals imply secure access in the first place. |
| </flag> |
| </use> |
| </pkgmetadata> |