sys-auth/pambase/metadata.xml - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person">
 		<email>zlogene@gentoo.org</email>
 		<name>Mikle Kolyada</name>
 	</maintainer>
 	<use>
 		<flag name="cracklib">
 			Enable pam_cracklib module on system authentication stack. This
 			produces warnings when changing password to something easily
 			crackable. It requires the same USE flag to be enabled on
 			<pkg>sys-libs/pam</pkg> or system login might be impossible.
 		</flag>
 		<flag name="consolekit">
 			Enable pam_ck_connector module on local system logins. This
 			allows for console logins to make use of ConsoleKit
 			authorization.
 		</flag>
 		<flag name="elogind">
 			Use pam_elogind module to register user sessions with elogind.
 		</flag>
 		<flag name="systemd">
 			Use pam_systemd module to register user sessions in the systemd
 			control group hierarchy.
 		</flag>
 		<flag name="debug">
 			Enable debug information logging on syslog(3) for all the
 			modules supporting this in the system authentication and system
 			login stacks.
 		</flag>
 		<flag name="passwdqc">
 			Enable pam_passwdqc module on system auth stack for password
 			quality validation. This is an alternative to pam_cracklib
 			producing warnings, rejecting or providing example passwords
 			when changing your system password. It is used by default by
 			OpenWall GNU/*/Linux and by FreeBSD.
 		</flag>
 		<flag name="mktemp">
 			Enable pam_mktemp module on system auth stack for session
 			handling. This module creates a private temporary directory for
 			the user, and sets TMP and TMPDIR accordingly.
 		</flag>
 		<flag name="pam_ssh">
 			Enable pam_ssh module on system auth stack for authentication
 			and session handling. This module will accept as password the
 			passphrase of a private SSH key (one of ~/.ssh/id_rsa,
 			~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent
 			instance to cache the open key.
 		</flag>
 		<flag name="sha512">
 			Switch Linux-PAM's pam_unix module to use sha512 for passwords
 			hashes rather than MD5. This option requires
 			<pkg>sys-libs/pam</pkg> version 1.0.1 built against
 			<pkg>sys-libs/glibc</pkg> version 2.7, if it's built against an
 			earlier version, it will silently be ignored, and MD5 hashes
 			will be used. All the passwords changed after this USE flag is
 			enabled will be saved to the shadow file hashed using SHA512
 			function. The password previously saved will be left
 			untouched. Please note that while SHA512-hashed passwords will
 			still be recognised if the USE flag is removed, the shadow file
 			will not be compatible with systems using an earlier glibc
 			version.
 		</flag>
 		<flag name="pam_krb5">
 			Enable pam_krb5 module on system auth stack, as an alternative
 			to pam_unix. If Kerberos authentication succeed, only pam_unix
 			will be ignore, and all the other modules will proceed as usual,
 			including Gnome Keyring and other session modules. It requires
 			<pkg>sys-libs/pam</pkg> as PAM implementation.
 		</flag>
 		<flag name="minimal">
 			Disables the standard PAM modules that provide extra information
 			to users on login; this includes pam_tally (and pam_tally2 for
 			Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
 			similar modules. This might not be a good idea on a multi-user
 			system but could reduce slightly the overhead on single-user
 			non-networked systems.
 		</flag>
 		<flag name="nullok">
 			Enable the nullok option with the pam_unix module. This allows
 			people to login with blank passwords.
 		</flag>
 		<flag name="securetty">
 			Enable pam_securetty module in the login stack. Not generally
 			relevant anymore as the login stack only refers to local logins
 			and local terminals imply secure access in the first place.
 		</flag>
 	</use>
 </pkgmetadata>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	<pkgmetadata>
	<maintainer type="person">
	<email>zlogene@gentoo.org</email>
	<name>Mikle Kolyada</name>
	</maintainer>
	<use>
	<flag name="cracklib">
	Enable pam_cracklib module on system authentication stack. This
	produces warnings when changing password to something easily
	crackable. It requires the same USE flag to be enabled on
	<pkg>sys-libs/pam</pkg> or system login might be impossible.
	</flag>
	<flag name="consolekit">
	Enable pam_ck_connector module on local system logins. This
	allows for console logins to make use of ConsoleKit
	authorization.
	</flag>
	<flag name="elogind">
	Use pam_elogind module to register user sessions with elogind.
	</flag>
	<flag name="systemd">
	Use pam_systemd module to register user sessions in the systemd
	control group hierarchy.
	</flag>
	<flag name="debug">
	Enable debug information logging on syslog(3) for all the
	modules supporting this in the system authentication and system
	login stacks.
	</flag>
	<flag name="passwdqc">
	Enable pam_passwdqc module on system auth stack for password
	quality validation. This is an alternative to pam_cracklib
	producing warnings, rejecting or providing example passwords
	when changing your system password. It is used by default by
	OpenWall GNU/*/Linux and by FreeBSD.
	</flag>
	<flag name="mktemp">
	Enable pam_mktemp module on system auth stack for session
	handling. This module creates a private temporary directory for
	the user, and sets TMP and TMPDIR accordingly.
	</flag>
	<flag name="pam_ssh">
	Enable pam_ssh module on system auth stack for authentication
	and session handling. This module will accept as password the
	passphrase of a private SSH key (one of ~/.ssh/id_rsa,
	~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent
	instance to cache the open key.
	</flag>
	<flag name="sha512">
	Switch Linux-PAM's pam_unix module to use sha512 for passwords
	hashes rather than MD5. This option requires
	<pkg>sys-libs/pam</pkg> version 1.0.1 built against
	<pkg>sys-libs/glibc</pkg> version 2.7, if it's built against an
	earlier version, it will silently be ignored, and MD5 hashes
	will be used. All the passwords changed after this USE flag is
	enabled will be saved to the shadow file hashed using SHA512
	function. The password previously saved will be left
	untouched. Please note that while SHA512-hashed passwords will
	still be recognised if the USE flag is removed, the shadow file
	will not be compatible with systems using an earlier glibc
	version.
	</flag>
	<flag name="pam_krb5">
	Enable pam_krb5 module on system auth stack, as an alternative
	to pam_unix. If Kerberos authentication succeed, only pam_unix
	will be ignore, and all the other modules will proceed as usual,
	including Gnome Keyring and other session modules. It requires
	<pkg>sys-libs/pam</pkg> as PAM implementation.
	</flag>
	<flag name="minimal">
	Disables the standard PAM modules that provide extra information
	to users on login; this includes pam_tally (and pam_tally2 for
	Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
	similar modules. This might not be a good idea on a multi-user
	system but could reduce slightly the overhead on single-user
	non-networked systems.
	</flag>
	<flag name="nullok">
	Enable the nullok option with the pam_unix module. This allows
	people to login with blank passwords.
	</flag>
	<flag name="securetty">
	Enable pam_securetty module in the login stack. Not generally
	relevant anymore as the login stack only refers to local logins
	and local terminals imply secure access in the first place.
	</flag>
	</use>
	</pkgmetadata>