File: cpu.conf.doc

cpu 1.4.3-12
# CPU configuration file.
#
# This file should probably be owned by root and set to mode 0600, because it
# can contain the LDAP bind password (BIND_PASS).

############################################
# GLOBAL Configuration
############################################
[GLOBAL]

# Name of the password-changing method you intend to use. Currently only ldap
# is supported. This string should be in all lower case and can be overridden
# on the command line with the -m switch.
DEFAULT_METHOD	= ldap

# If cpu was compiled --with-cracklib, specify the location of the cracklib
# dictionary here.
# NOTE(review): confirm this path matches where your system installs the
# cracklib dictionary; what cpu does when the dictionary cannot be opened is
# not documented in this file.
CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict

############################################
# LDAP Configuration
############################################
[LDAP]

# This is the IP address or hostname of a machine running an LDAP server
LDAP_HOST	= 127.0.0.1

# The LDAP URI. If this is specified, StartTLS may be used, and LDAP_HOST and
# LDAP_PORT may not be needed.
# NOTE(review): this sample sets an ldaps:// URI together with LDAP_HOST and
# LDAP_PORT = 389 (the plain LDAP port; ldaps conventionally uses 636). Which
# setting takes precedence is not stated here -- confirm that the connection
# carrying BIND_PASS and new user passwords is actually TLS-protected.
LDAP_URI	= ldaps://hostname

# Port to connect to on the server; must satisfy port > -1 && port < 65535
LDAP_PORT	= 389

# This is a DN with appropriate credentials to make modifications to objects
# on the LDAP server.
# NOTE(review): cn=Manager is commonly the directory's root DN. A dedicated
# account whose write access is limited to USER_BASE and GROUP_BASE would
# limit the damage if this file or BIND_PASS leaks -- verify against your ACLs.
BIND_DN		= cn=Manager,dc=backwatcher,dc=com

# This password may be omitted and specified at the command line. If you are
# smart enough to not be using a password at all, well, CPU probably isn't for
# you since someone else is probably already administering your LDAP server.
# The value is stored here in clear text, so anyone who can read this file can
# bind as BIND_DN; keep the file root-owned and mode 0600. "secret" is a
# sample value and must be replaced.
# NOTE(review): a password passed as a command-line argument is typically
# visible in the process list and shell history; whether cpu can prompt for it
# instead is not stated here -- confirm before preferring that route.
BIND_PASS	= secret

# This is the base under which users are added. This is likely to change often
# with complex DITs, so you can also change it via the -U (--userbase) switch
# on the command line. It is also used to build the DN for users.
USER_BASE 	= ou=People,o=Backwatcher,dc=backwatcher,dc=com

# This is analogous to USER_BASE, but for groups
GROUP_BASE 	= ou=Group,o=Backwatcher,dc=backwatcher,dc=com

# These are specific to your LDAP installation. Depending on the
# implementation, you may need to modify these values. The default will work
# for a basic user. If you want to add things like email, etc. you may have to
# change these. The values are comma-separated lists of object classes.
USER_OBJECT_CLASS	= account,posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS	= posixGroup,top

# These filters are used to locate and identify users and groups
USER_FILTER	= (objectClass=posixAccount)
GROUP_FILTER	= (objectClass=posixGroup)

# USER_CN_STRING should be the attribute for the user cn. For example, if you
# specify uid, the dn will look like "uid=usersName". If you specify cn, the dn
# will look like "cn=userName", etc.
USER_CN_STRING	= uid

# GROUP_CN_STRING should be the attribute for the group cn. For example, if you
# specify gid, the dn will look like "gid=groupName". If you specify cn, the dn
# will look like "cn=groupName", etc.
GROUP_CN_STRING	= cn

# The TIMEOUT is the amount of time to wait before an operation should time
# out. The default is 60 seconds. This value should be in seconds.
TIMEOUT	= 60

# SKEL_DIR can only be used with useradd in conjunction with the -M
# (--makehome) command line switch. If this is specified and exists, and -M is
# specified, the files in SKEL_DIR will be copied to the user's new home
# directory.
# NOTE(review): everything in this directory ends up in each new home
# directory (shell start-up files included), so it should be writable only by
# root. Ownership and mode of the copies are not described here -- verify.
SKEL_DIR	= /etc/skel

# This is a default shell for your users. This is actually optional according
# to RFC 2307, but most users like shells
DEFAULT_SHELL 	= /bin/bash

# HOME_DIRECTORY is required to be specified either by the command line or the
# configuration file. The way that this variable is used is as follows. If
# HOME_DIRECTORY does _not_ end with a slash, a slash and the user's name are
# appended to the string. If HOME_DIRECTORY _does_ end with a slash, that
# string is not modified and is used for the user's directory. The same holds
# for the command line. If the user is found in PASSWORD_FILE, that value is
# used unless HOME_DIRECTORY was specified at the command line.
# With the value below (no trailing slash), user "alice" gets /home/alice.
# NOTE(review): a value ending in a slash is used unmodified, which by the
# rule above would give every user created with it the same home directory.
HOME_DIRECTORY	= /home

# You should not set MIN_UIDNUMBER < 100 unless you know what you are doing
# You should not set MIN_GIDNUMBER < 100 unless you know what you are doing
# (low IDs are conventionally reserved for system accounts and groups).
# MAX_{GID,UID}NUMBER should be set at something that your operating platform
# supports
# You should adjust ID_MAX_PASSES so that you don't have to change it
# frequently but it doesn't take forever to find a number
# USERS_GID should not be in the range of {MIN_GIDNUMBER,MAX_GIDNUMBER}
# NOTE(review): the range 100-10000 overlaps the IDs many systems hand out to
# local accounts in /etc/passwd and /etc/group. An LDAP user that shares a
# UID/GID with a local account also shares its file ownership; whether cpu
# checks local accounts when picking an ID is not stated here -- confirm, or
# choose a range that is disjoint from local allocations.
MAX_UIDNUMBER = 10000
MIN_UIDNUMBER = 100
MAX_GIDNUMBER = 10000
MIN_GIDNUMBER = 100
ID_MAX_PASSES = 1000

# The USERGROUPS variable can be either "yes" or "no".  If "yes" each
# created user will be given their own group to use as a default. If "no", each
# created user will be placed in the group whose gid is USERS_GID (see below).
USERGROUPS = yes

# If USERGROUPS is "no", then USERS_GID should be the GID of the group
# `users' (or the equivalent group) on your system. If this is unspecified, we
# default to 100
# NOTE(review): with MIN_GIDNUMBER = 100 above, this sample value sits on the
# lower bound of the allocation range, which the comment above says to avoid
# (assuming the range is inclusive -- confirm).
USERS_GID = 100


# If RANDOM is false, the next sequential UID or GID will be used
# If RANDOM is true, the first unused random UID or GID found will be used
# NOTE(review): this value is quoted while USERGROUPS above is not;
# presumably the parser strips the quotes -- confirm.
RANDOM = "false"

# The GECOS is a string used to populate the gecos field during a useradd.
# This is not required, but many people like it.
GECOS	=	"Ldap User"

# The DEFAULT_PASSWORD is probably a bad idea, but some people may need it.
# This is only used for useradds
# If enabled, every account created without an explicit password starts with
# the same known credential until its owner changes it; leave this commented
# out unless a forced password change on first login is in place.
# DEFAULT_PASSWORD = "secret"

# A password file and shadow file to pull users from, or just passwords
# NOTE(review): the shadow file presumably holds password hashes in the same
# form as /etc/shadow and should be protected the same way (root-owned, not
# world-readable) -- confirm the expected format against cpu's documentation.
PASSWORD_FILE = "/etc/passfile"
SHADOW_FILE = "/etc/shadowfile"

# This is the default HASH to use for passwords. Currently CPU supports:
#  md5, smd5, sha1, ssha1, crypt and md5crypt
# This can be modified on the command line with the -H option
# NOTE(review): md5 and sha1 are presumably unsalted digests (smd5/ssha1 being
# the salted variants), so identical passwords produce identical stored values
# and precomputed tables apply. Every scheme listed is a fast hash by current
# standards; prefer a salted one from this list at minimum, and check whether
# your directory server can apply a stronger scheme itself.
HASH = "md5"

# These are not required, except by perhaps your authentication backend.
# See shadow(3) for more details
# NOTE(review): by shadow convention these are day counts: SHADOWLASTCHANGE is
# days since 1970-01-01 (11192 falls in 2000, so it reads as a leftover sample
# value), and SHADOWMAX = 99999 effectively disables password expiry. Confirm
# how cpu applies them to new accounts before relying on password ageing.
# NOTE(review): "SHADOWWARING" looks like a misspelling of SHADOWWARNING.
# Confirm which spelling cpu actually reads; if it expects SHADOWWARNING, the
# line below is presumably ignored and no warning period is set.
# NOTE(review): SHADOWFLAG is a reserved field in shadow(3); the value below
# looks arbitrary -- confirm it is intended.
SHADOWLASTCHANGE	= 11192
SHADOWMAX		= 99999
SHADOWWARING		= 7
SHADOWEXPIRE		= -1
SHADOWFLAG		= 134538308
SHADOWMIN		= -1
SHADOWINACTIVE		= -1

# ADD_SCRIPT and DEL_SCRIPT work the same way; however, ADD_SCRIPT is used
# only for a useradd operation and DEL_SCRIPT is used only for a userdel
# operation. These can be overridden via the command line switch -X. If
# specified in the configuration file or at the command line, the script is
# executed after a successful useradd or userdel. The first argument to the
# script is the login name as specified at the command line.
# NOTE(review): both sample values are relative paths, so which file runs
# presumably depends on the directory cpu is started from. Since cpu is
# typically run by an administrator, use absolute paths to scripts that are
# owned by root and not writable by anyone else -- confirm how cpu resolves
# the path.
# NOTE(review): the login name is passed through from the command line; the
# script should treat it as untrusted input and always quote it.
ADD_SCRIPT = "contrib/postaddscript.sh"
DEL_SCRIPT = "foo.sh"