Provided by: libuser_0.56.9.dfsg.1-1.2ubuntu2_i386 bug

NAME

       libuser.conf - configuration for libuser and libuser utilities

FILE FORMAT

       libuser.conf  is a text file.  Leading and trailing white space on each
       line is ignored.  Lines starting with # are ignored.

       The file defines variables grouped into sections.  Each section  starts
       with a section header:
              [section name]
       A single section header can appear more than once in the file.

       The  lines  following  a  section  header  define  variables  from that
       section:
              variable = value
       The value can be empty.

       A variable can have more than one value, specified by using  more  than
       one  line  defining  that  variable.   All  currently defined variables
       accept only the first value and ignore the others, if any.

[defaults]

       create_modules
              A list of module names  to  use  when  creating  user  or  group
              entries, unless the application specifies a different list.  The
              module names in the list can be separated using  space,  tab  or
              comma.  Default value is files shadow.

       crypt_style
              The  algorithm  to use for password encryption when creating new
              passwords.  The current algorithm may be retained when  changing
              a password of an existing user, depending on the application.

              Possible  values  are des, md5, blowfish, sha256 and sha512, all
              case-insensitive.   Unrecognized  values  are  treated  as  des.
              Default value is des.

       hash_rounds_min, hash_rounds_max
              These  variables  specify an inclusive range of hash rounds used
              when crypt_style is sha256 or sha512.  A number of  hash  rounds
              is  chosen  from  this  interval  randomly.   A larger number of
              rounds makes password  checking,  and  brute-force  attempts  to
              guess  the  password  by reversing the hash, more CPU-intensive.
              The number of  rounds  is  restricted  to  the  interval  [1000,
              999999999].

              If  only  one of the above variables is specified, the number of
              rounds used is specified by  the  other  variable.   If  neither
              variable is specified, the number of rounds is chosen by libc.

       mailspooldir
              The directory containing user's mail spool files.  Default value
              is /var/mail.

       moduledir
              The directory containing libuser modules.   Default  value  uses
              the   modules  installed  with  libuser,  corresponding  to  the
              architecture of the libuser library,  e.g.  /usr/lib/libuser  or
              /usr/lib64/libuser   (assuming   libuser   was  configured  with
              --prefix=/usr).

       modules
              A list of module names to use when not creating  user  or  group
              entries, unless the application specifies a different list.  The
              module names in the list can be separated using  space,  tab  or
              comma.  Default value is files shadow.

       skeleton
              The  directory  containing  files  to copy to newly created home
              directories.  Default value is /etc/skel.

[import]

       login_defs
              A path to the login.defs file from shadow.  If this variable  is
              defined,  the variables from the named file are used in place of
              some  libuser  variables.   Variables  explicitly   defined   in
              libuser.conf are not affected by contents of login.defs.

              The following variables are imported:
                                   |
              Variable             | Imported as
              ---------------------+-------------------------------
              ENCRYPT_METHOD       | defaults/crypt_style
              GID_MIN              | groupdefaults/LU_GIDNUMBER
              MAIL_DIR             | defaults/mailspooldir
              MD5_CRYPT_ENAB       | defaults/crypt_style
              PASS_MAX_DAYS        | userdefaults/LU_SHADOWMAX
              PASS_MIN_DAYS        | userdefaults/LU_SHADOWMIN
              PASS_WARN_AGE        | userdefaults/LU_SHADOWWARNING
              SHA_CRYPT_MIN_ROUNDS | defaults/hash_rounds_min
              SHA_CRYPT_MAX_ROUNDS | defaults/hash_rounds_max
              UID_MIN              | userdefaults/LU_UIDNUMBER

              The  following variables are not imported: CREATE_HOME, GID_MAX,
              MAIL_FILE,   SYSLOG_SG_ENAB,   UID_MAX,   UMASK,    USERDEL_CMD,
              USERGROUPS_ENAB

       default_useradd
              A  path  to the default/useradd file from useradd in shadow.  If
              this variable is defined, the variables from the named file  are
              used  in  place of some libuser variables.  Variables explicitly
              defined  in  libuser.conf  are  not  affected  by  contents   of
              default/useradd.

              The following variables are imported:
                       |
              Variable | Imported as
              ---------+--------------------------------
              EXPIRE   | userdefaults/LU_SHADOWEXPIRE
              GROUP    | userdefaults/LU_GIDNUMBER
              HOME     | userdefaults/LU_HOMEDIRECTORY
              INACTIVE | userdefaults/LU_SHADOWINACTIVE
              SHELL    | userdefaults/LU_LOGINSHELL
              SKEL     | defaults/skeleton

              The HOME variable value has /%n appended to it before importing.

[userdefaults]

       This  section  defines attribute values of newly created user entities.
       There is one special variable:

       LU_UIDNUMBER
              A decimal number, the first allowed UID value for regular  users
              (not system users).  Default value is 500.

       All  other  variables  have  the same names as the attribute names from
       <libuser/entity.h> and define attribute values.  Either the macro  name
       (e.g.  LU_GECOS)  or  the macro content (e.g. pw_gecos) can be used; if
       both are used, the one appearing later in  the  configuration  file  is
       used.

       The  %  character  in  the  value  of the variable introduces an escape
       sequence: %n is replaced by the user name, %d is  replaced  by  current
       date  in days since the epoch, %u is replaced by the user's UID.  There
       is no way to escape the % character and avoid this substitution.

       After  the  userdefaults  section  is  processed,  modules  may  define
       additional  attributes  or even override the attributes defined in this
       section.

[groupdefaults]

       The groupdefaults section is similar to  userdefaults.   There  is  one
       special variable:

       LU_GIDNUMBER
              A decimal number, the first allowed GID value for regular groups
              (not system groups).  Default value is 500.

       The other variables follow  the  same  rules  as  in  the  userdefaults
       section,  except  that  %n  and  %u  are replaced by the group name and
       group's GID, respectively.

       After the  groupdefaults  section  is  processed,  modules  may  define
       additional  attributes  or even override the attributes defined in this
       section.

[files]

       Configures the files module, which manages /etc/group and  /etc/passwd.
       The  configuration  variables  are  probably  useful  only  for libuser
       development.

       directory
              The directory containing the group and  passwd  files.   Default
              value is /etc.

       nonroot
              Allow module initialization when not invoked as the root user if
              the value is yes.

[shadow]

       Configures  the  files   module,   which   manages   /etc/gshadow   and
       /etc/shadow.   The configuration variables are probably useful only for
       libuser development.

       directory
              The directory containing the gshadow and shadow files.   Default
              value is /etc.

       nonroot
              Allow module initialization when not invoked as the root user if
              the value is yes.

[ldap]

       Configures the ldap module, which manages an user  database  accessible
       using LDAP.

       userBranch
              The LDAP suffix for user entities.  Default value is ou=People.

       groupBranch
              The LDAP suffix for group entities.  Default value is ou=Group.

       server A domain name or an URI of the LDAP server.  The URI can use the
              ldap or the ldaps protocol.  When a simple domain name is  used,
              the  connection  fails  if TLS can not be used; an URI using the
              ldap protocol allows connection without TLS.  Default  value  is
              ldap.

       basedn The base DN of the server.  Default value is dc=example,dc=com.

       binddn A  DN  for  binding  to  the  server.   If the value is empty or
              binding using this DN fails, a DN of  uid=user,userBranch,basedn
              is  used,  where  userBranch  and basedn are variables from this
              section and user is the user name of the invoking  user,  unless
              overridden  by  the  user  variable  from this section.  Default
              value is cn=manager,dc=example,dc=com.

       user   The SASLv2 identity for authenticating to the LDAP server,  also
              overrides the user name for generating a bind DN.  Default value
              is the name of the invoking user.

       authuser
              The SASLv2 authorization user, if non-empty.  Default  value  is
              empty.

       bindtype
              The  list  of  bind  types to use, separated by commas.  Allowed
              bind types are simple, sasl, and sasl/mechanism, where mechanism
              is  a  SASL  mechanism.   The  bind  types  (but not necessarily
              mechanism) are case-insensitive.  If more than one bind type  is
              specified,  their  relative  order is ignored.  Default value is
              simple,sasl.

[sasl]

       Configures the sasl module, which manages a SASLv2 user database.

       appname
              Name of the SASLv2 application.  Default value is empty.

       domain Domain used by libuser for  the  SASLv2  authentication  object.
              Default value is empty.

BUGS

       Invalid  lines  in  the  configuration  file  (or  the  imported shadow
       configuration files) are silently ignored.

FILES

       /etc/libuser.conf
              The  default  location  of  the  configuration  file.   Can   be
              overridden  by  the LIBUSER_CONF environment variable, except in
              set-uid or set-gid programs.