napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[users] Document password settings

Browse Source
This commit is contained in:
Adriaan de Groot 2023-12-01 18:01:58 +01:00
parent 4262d9f051
commit 4e3de90cd0
1 changed files with 47 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/modules/users/users.conf
View File

@ -112,20 +112,19 @@ doAutologin: true
# on the user. The values given in this sample file set only very weak # on the user. The values given in this sample file set only very weak
# validation settings. # validation settings.
# #
# - nonempty rejects empty passwords # Calamares itself supports two checks:
# - there are no length validations # - minLength
# - libpwquality (if it is enabled at all) has no length of class # - maxLength
# restrictions, although it will still reject palindromes and # In this sample file, the values are set to -1 which means "no
# dictionary words with these settings. # minimum", "no maximum". This allows any password at all.
# # No effort is done to ensure that the checks are consistent
# Checks may be listed multiple times; each is checked separately,
# and no effort is done to ensure that the checks are consistent
# (e.g. specifying a maximum length less than the minimum length # (e.g. specifying a maximum length less than the minimum length
# will annoy users). # will annoy users).
# #
# Calamares supports password checking through libpwquality.
# The libpwquality check relies on the (optional) libpwquality library. # The libpwquality check relies on the (optional) libpwquality library.
# Its value is a list of configuration statements that could also # The value for libpwquality is a list of configuration statements like
# be found in pwquality.conf, and these are handed off to the # those found in pwquality.conf. The statements are handed off to the
# libpwquality parser for evaluation. The check is ignored if # libpwquality parser for evaluation. The check is ignored if
# libpwquality is not available at build time (generates a warning in # libpwquality is not available at build time (generates a warning in
# the log). The Calamares password check rejects passwords with a # the log). The Calamares password check rejects passwords with a
@ -134,20 +133,51 @@ doAutologin: true
# (additional checks may be implemented in CheckPWQuality.cpp and # (additional checks may be implemented in CheckPWQuality.cpp and
# wired into UsersPage.cpp) # wired into UsersPage.cpp)
# #
# - To disable specific password validations: # To disable all password validations:
# comment out the relevant 'passwordRequirements' keys below. # - comment out the relevant 'passwordRequirements' keys below,
# - To disable all password validations: # or set minLength and maxLength to -1.
# set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true. # - disable libpwquality at build-time.
# To allow all passwords, but provide warnings:
# - set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.
# (That will show the box *Allow weak passwords* in the user- # (That will show the box *Allow weak passwords* in the user-
# interface, and check it by default). # interface, and check it by default).
# - configure password-checking however you wish.
# To require specific password characteristics:
# - set 'allowWeakPasswords' to false (the default)
# - configure password-checking, e.g. with NIST settings
# These are very weak -- actually, none at all -- requirements
passwordRequirements: passwordRequirements:
nonempty: true
minLength: -1 # Password at least this many characters minLength: -1 # Password at least this many characters
maxLength: -1 # Password at most this many characters maxLength: -1 # Password at most this many characters
libpwquality: libpwquality:
- minlen=0 - minlen=0
- minclass=0 - minclass=0
# These are "you must have a password, any password" -- requirements
#
# passwordRequirements:
# minLength: 1
# These are requirements the try to follow the suggestions from
# https://pages.nist.gov/800-63-3/sp800-63b.html , "Digital Identity Guidelines".
# Note that requiring long and complex passwords has its own cost,
# because the user has to come up with one at install time.
# Setting 'allowWeakPasswords' to false and 'doAutologin' to false
# will require a strong password and prevent (graphical) login
# without the password. It is likely to be annoying for casual users.
#
# passwordRequirements:
# minLength: 8
# maxLength: 64
# libpwquality:
# - minlen=8
# - maxrepeat=3
# - maxsequence=3
# - usersubstr=4
# - badwords=linux
# You can control the visibility of the 'strong passwords' checkbox here. # You can control the visibility of the 'strong passwords' checkbox here.
# Possible values are: # Possible values are:
# - true to show or # - true to show or
@ -165,6 +195,7 @@ allowWeakPasswords: false
# to be unchecked. # to be unchecked.
allowWeakPasswordsDefault: false allowWeakPasswordsDefault: false
# User settings # User settings
# #
# The user can enter a username, but there are some other # The user can enter a username, but there are some other
@ -187,6 +218,7 @@ user:
shell: /bin/bash shell: /bin/bash
forbidden_names: [ root ] forbidden_names: [ root ]
# Hostname settings # Hostname settings
# #
# The user can enter a hostname; this is configured into the system # The user can enter a hostname; this is configured into the system