| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
| <pkgmetadata> |
| <herd>pam</herd> |
| <maintainer> |
| <email>pam-bugs@gentoo.org</email> |
| </maintainer> |
| <use> |
| <flag name="cracklib"> |
| Enable pam_cracklib module on system authentication stack. This |
| produces warnings when changing password to something easily |
| crackable. It requires the same USE flag to be enabled on |
| <pkg>sys-libs/pam</pkg> or system login might be impossible. |
| </flag> |
| <flag name="consolekit"> |
| Enable pam_ck_connector module on local system logins. This |
| allows for console logins to make use of ConsoleKit |
| authorization. |
| </flag> |
| <flag name="gnome-keyring"> |
| Enable pam_gnome_keyring module on system login stack. This |
| enables proper Gnome Keyring access to logins, whether they are |
| done with the login shell, a Desktop Manager or a remote login |
| systems such as SSH. |
| </flag> |
| <flag name="debug"> |
| Enable debug information logging on syslog(3) for all the |
| modules supporting this in the system authentication and system |
| login stacks. |
| </flag> |
| <flag name="passwdqc"> |
| Enable pam_passwdqc module on system auth stack for password |
| quality validation. This is an alternative to pam_cracklib |
| producing warnings, rejecting or providing example passwords |
| when changing your system password. It is used by default by |
| OpenWall GNU/*/Linux and by FreeBSD. |
| </flag> |
| <flag name="mktemp"> |
| Enable pam_mktemp module on system auth stack for session |
| handling. This module creates a private temporary directory for |
| the user, and sets TMP and TMPDIR accordingly. |
| </flag> |
| <flag name="ssh"> |
| Enable pam_ssh module on system auth stack for authentication |
| and session handling. This module will accept as password the |
| passphrase of a private SSH key (one of ~/.ssh/id_rsa, |
| ~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent |
| instance to cache the open key. |
| </flag> |
| <flag name="sha512"> |
| Switch Linux-PAM's pam_unix module to use sha512 for passwords |
| hashes rather than MD5. This option requires |
| <pkg>>=sys-libs/pam-1.0.1</pkg> built against |
| <pkg>>=sys-libs/glibc-2.7</pkg>, if it's built against an |
| earlier version, it will silently be ignored, and MD5 hashes |
| will be used. All the passwords changed after this USE flag is |
| enabled will be saved to the shadow file hashed using SHA512 |
| function. The password previously saved will be left |
| untouched. Please note that while SHA512-hashed passwords will |
| still be recognised if the USE flag is removed, the shadow file |
| will not be compatible with systems using an earlier glibc |
| version. |
| </flag> |
| </use> |
| </pkgmetadata> |