Provided by: libuser_0.56.9.dfsg.1-1ubuntu1_i386 bug

NAME

       libuser.conf - configuration for libuser and libuser utilities

FILE FORMAT

       libuser.conf  is a text file.  Leading and trailing white space on each
       line is ignored.  Lines starting with # are ignored.

       The file defines variables grouped into sections.  Each section  starts
       with a section header:
              [section name]
       A single section header can appear more than once in the file.

       The  lines  following  a  section  header  define  variables  from that
       section:
              variable = value
       The value can be empty.

       A variable can have more than one value, specified by using  more  than
       one  line  defining  that  variable.   All  currently defined variables
       accept only the first value and ignore the others, if any.

[defaults]

       create_modules
              A list of module names  to  use  when  creating  user  or  group
              entries, unless the application specifies a different list.  The
              module names in the list can be separated using  space,  tab  or
              comma.  Default value is files shadow.

       crypt_style
              The  algorithm  to use for password encryption when creating new
              passwords.  The current algorithm may be retained when  changing
              a password of an existing user, depending on the application.

              Possible  values  are des, md5, blowfish, sha256 and sha512, all
              case-insensitive.   Unrecognized  values  are  treated  as  des.
              Default value is des.

       hash_rounds_min, hash_rounds_max
              These  variables  specify an inclusive range of hash rounds used
              when crypt_style is sha256 or sha512.  A number of  hash  rounds
              is  chosen  from  this  interval  randomly.   A larger number of
              rounds makes password  checking,  and  brute-force  attempts  to
              guess  the  password  by reversing the hash, more CPU-intensive.
              The number of  rounds  is  restricted  to  the  interval  [1000,
              999999999].

              If  only  one of the above variables is specified, the number of
              rounds used is specified by  the  other  variable.   If  neither
              variable is specified, the number of rounds is chosen by libc.

       mailspooldir
              The directory containing user’s mail spool files.  Default value
              is /var/mail.

       moduledir
              The directory containing libuser modules.   Default  value  uses
              the   modules  installed  with  libuser,  corresponding  to  the
              architecture of the libuser library,  e.g.  /usr/lib/libuser  or
              /usr/lib64/libuser   (assuming   libuser   was  configured  with
              --prefix=/usr).

       modules
              A list of module names to use when not creating  user  or  group
              entries, unless the application specifies a different list.  The
              module names in the list can be separated using  space,  tab  or
              comma.  Default value is files shadow.

       skeleton
              The  directory  containing  files  to copy to newly created home
              directories.  Default value is /etc/skel.

[import]

       login_defs
              A path to the login.defs file from shadow.  If this variable  is
              defined,  the variables from the named file are used in place of
              some  libuser  variables.   Variables  explicitly   defined   in
              libuser.conf are not affected by contents of login.defs.

              The following variables are imported:
                                   |
              Variable             | Imported as
              ---------------------+-------------------------------
              ENCRYPT_METHOD       | defaults/crypt_style
              GID_MIN              | groupdefaults/LU_GIDNUMBER
              MAIL_DIR             | defaults/mailspooldir
              MD5_CRYPT_ENAB       | defaults/crypt_style
              PASS_MAX_DAYS        | userdefaults/LU_SHADOWMAX
              PASS_MIN_DAYS        | userdefaults/LU_SHADOWMIN
              PASS_WARN_AGE        | userdefaults/LU_SHADOWWARNING
              SHA_CRYPT_MIN_ROUNDS | defaults/hash_rounds_min
              SHA_CRYPT_MAX_ROUNDS | defaults/hash_rounds_max
              UID_MIN              | userdefaults/LU_UIDNUMBER

              The  following variables are not imported: CREATE_HOME, GID_MAX,
              MAIL_FILE,   SYSLOG_SG_ENAB,   UID_MAX,   UMASK,    USERDEL_CMD,
              USERGROUPS_ENAB

       default_useradd
              A  path  to the default/useradd file from useradd in shadow.  If
              this variable is defined, the variables from the named file  are
              used  in  place of some libuser variables.  Variables explicitly
              defined  in  libuser.conf  are  not  affected  by  contents   of
              default/useradd.

              The following variables are imported:
                       |
              Variable | Imported as
              ---------+--------------------------------
              EXPIRE   | userdefaults/LU_SHADOWEXPIRE
              GROUP    | userdefaults/LU_GIDNUMBER
              HOME     | userdefaults/LU_HOMEDIRECTORY
              INACTIVE | userdefaults/LU_SHADOWINACTIVE
              SHELL    | userdefaults/LU_LOGINSHELL
              SKEL     | defaults/skeleton

              The HOME variable value has /%n appended to it before importing.

[userdefaults]

       This section defines attribute values of newly created  user  entities.
       There is one special variable:

       LU_UIDNUMBER
              A  decimal number, the first allowed UID value for regular users
              (not system users).  Default value is 500.

       All other variables have the same names as  the  attribute  names  from
       <libuser/entity.h>  and define attribute values.  Either the macro name
       (e.g. LU_GECOS) or the macro content (e.g. pw_gecos) can  be  used;  if
       both  are  used,  the  one appearing later in the configuration file is
       used.

       The % character in the value  of  the  variable  introduces  an  escape
       sequence:  %n  is  replaced by the user name, %d is replaced by current
       date in days since the epoch, %u is replaced by the user’s UID.   There
       is no way to escape the % character and avoid this substitution.

       After  the  userdefaults  section  is  processed,  modules  may  define
       additional attributes or even override the attributes defined  in  this
       section.

[groupdefaults]

       The  groupdefaults  section  is  similar to userdefaults.  There is one
       special variable:

       LU_GIDNUMBER
              A decimal number, the first allowed GID value for regular groups
              (not system groups).  Default value is 500.

       The  other  variables  follow  the  same  rules  as in the userdefaults
       section, except that %n and %u are  replaced  by  the  group  name  and
       group’s GID, respectively.

       After  the  groupdefaults  section  is  processed,  modules  may define
       additional attributes or even override the attributes defined  in  this
       section.

[files]

       Configures  the files module, which manages /etc/group and /etc/passwd.
       The configuration  variables  are  probably  useful  only  for  libuser
       development.

       directory
              The  directory  containing  the group and passwd files.  Default
              value is /etc.

       nonroot
              Allow module initialization when not invoked as the root user if
              the value is yes.

[shadow]

       Configures   the   files   module,   which   manages  /etc/gshadow  and
       /etc/shadow.  The configuration variables are probably useful only  for
       libuser development.

       directory
              The  directory containing the gshadow and shadow files.  Default
              value is /etc.

       nonroot
              Allow module initialization when not invoked as the root user if
              the value is yes.

[ldap]

       Configures  the  ldap module, which manages an user database accessible
       using LDAP.

       userBranch
              The LDAP suffix for user entities.  Default value is  ou=People.

       groupBranch
              The  LDAP suffix for group entities.  Default value is ou=Group.

       server A domain name or an URI of the LDAP server.  The URI can use the
              ldap  or the ldaps protocol.  When a simple domain name is used,
              the connection fails if TLS can not be used; an  URI  using  the
              ldap  protocol  allows connection without TLS.  Default value is
              ldap.

       basedn The base DN of the server.  Default value is  dc=example,dc=com.

       binddn A  DN  for  binding  to  the  server.   If the value is empty or
              binding using this DN fails, a DN of  uid=user,userBranch,basedn
              is  used,  where  userBranch  and basedn are variables from this
              section and user is the user name of the invoking  user,  unless
              overridden  by  the  user  variable  from this section.  Default
              value is cn=manager,dc=example,dc=com.

       user   The SASLv2 identity for authenticating to the LDAP server,  also
              overrides the user name for generating a bind DN.  Default value
              is the name of the invoking user.

       authuser
              The SASLv2 authorization user, if non-empty.  Default  value  is
              empty.

       bindtype
              The  list  of  bind  types to use, separated by commas.  Allowed
              bind types are simple, sasl, and sasl/mechanism, where mechanism
              is  a  SASL  mechanism.   The  bind  types  (but not necessarily
              mechanism) are case-insensitive.  If more than one bind type  is
              specified,  their  relative  order is ignored.  Default value is
              simple,sasl.

[sasl]

       Configures the sasl module, which manages a SASLv2 user database.

       appname
              Name of the SASLv2 application.  Default value is empty.

       domain Domain used by libuser for  the  SASLv2  authentication  object.
              Default value is empty.

BUGS

       Invalid  lines  in  the  configuration  file  (or  the  imported shadow
       configuration files) are silently ignored.

FILES

       /etc/libuser.conf
              The  default  location  of  the  configuration  file.   Can   be
              overridden  by  the LIBUSER_CONF environment variable, except in
              set-uid or set-gid programs.