# CPU configuration file.
#
# This file should probably be owned by root and set 0600: the [LDAP] section
# stores BIND_PASS, the credential used to modify objects on the LDAP server,
# in plain text.
#
# NOTE(review): some values below are quoted ("false", "md5") and others are
# not (yes, ldap). Whether the parser strips the quotes is not shown here -
# confirm before changing the quoting style.

############################################
# GLOBAL Configuration
############################################
[GLOBAL]
# This is the name of the type of password changing you intend to perform.
# Currently only ldap is supported. This string should be in all lower case
# and can be modified on the command line with the -m switch.
DEFAULT_METHOD = ldap

# If cpu was compiled --with-cracklib, specify the location of the cracklib
# dictionary here
CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict

############################################
# Flatfile Configuration (broken)
############################################
[PASSWD]
# Default Group
GROUP = 1000
# Home Prefix
HOME = /home
# Default Inactive
INACTIVE = -1
#EXPIRE =
SHELL = /bin/bash
SKEL = /etc/skel
COMMENT = "Default Gecos"
# What files to read/write from/to
PASSWORD = /etc/passwd
SHADOW = /etc/shadow

############################################
# LDAP Configuration
############################################
[LDAP]
# This is the IP address or hostname of a machine running an LDAP server
LDAP_HOST = 127.0.0.1

# The LDAP URI. If this is specified, start tls may be used and LDAP_HOST and
# LDAP_PORT may not be needed.
# NOTE(review): the bind DN and password travel over this connection, so use a
# TLS-protected transport (ldaps:// or StartTLS) whenever the server is not
# local. Which setting wins when LDAP_URI and LDAP_HOST/LDAP_PORT are both
# present is not stated here - confirm.
LDAP_URI = ldaps://hostname

# This is a port > -1 && port < 65535 to connect to the server on
# NOTE(review): 389 is the conventional plain-LDAP port, while the ldaps://
# scheme in LDAP_URI conventionally uses 636 - check the two agree with the
# transport you intend.
LDAP_PORT = 389

# This is a DN with appropriate credentials to make modifications to objects
# on the LDAP server
# NOTE(review): cn=Manager looks like the directory's administrative DN. A
# dedicated account whose write access is limited to USER_BASE and GROUP_BASE
# limits the damage if this file is disclosed.
BIND_DN = cn=Manager,dc=backwatcher,dc=com

# This password may be omitted and specified at the command line. If you are
# smart enough to not be using a password at all, well, CPU probably isn't for
# you since someone else is probably already administering your LDAP server.
# NOTE(review): "secret" is a sample value; replace it and keep this file 0600.
# Command-line arguments are typically visible to other local users through
# the process list and may end up in shell history, so check whether cpu can
# prompt for the password instead.
BIND_PASS = secret

# This is the base for where users are added. This is likely to change often
# with complex dits, so you can also change this via the -U (--userbase)
# switch on the command line. This is also used to build the dn for users.
USER_BASE = ou=People,o=Backwatcher,dc=backwatcher,dc=com

# This is analogous to the USER_BASE
GROUP_BASE = ou=Group,o=Backwatcher,dc=backwatcher,dc=com

# These are specific to your ldap installation. Depending on the
# implementation, you may need to modify these values. The default will work
# for a basic user. If you want to add things like email, etc. you may have to
# change these
USER_OBJECT_CLASS = account,posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS = posixGroup,top

# These filters are used to locate and identify users and groups
USER_FILTER = (objectClass=posixAccount)
GROUP_FILTER = (objectClass=posixGroup)

# USER_CN_STRING should be the attribute for the user cn. For example if you
# specify uid, dn will look like "uid=userName". If you specify cn, the dn
# will look like "cn=userName", etc.
USER_CN_STRING = uid

# GROUP_CN_STRING should be the attribute for the group cn. For example if you
# specify gid, dn will look like "gid=groupName". If you specify cn, the dn
# will look like "cn=groupName", etc.
GROUP_CN_STRING = cn

# The TIMEOUT is the amount of time to wait before an operation should time
# out. The default is 60 seconds. This value should be in seconds.
TIMEOUT = 60

# SKEL_DIR can only be used with useradd in conjunction with the -M
# (--makehome) command line switch. If this is specified and exists, and -M is
# specified, the files in SKEL_DIR will be copied to the user's new home
# directory
SKEL_DIR = /etc/skel

# This is a default shell for your users. This is actually optional according
# to RFC 2307, but most users like shells
DEFAULT_SHELL = /bin/bash

# HOME_DIRECTORY is required to be specified either by the command line or the
# configuration file. The way that this variable is used is as follows. If
# HOME_DIRECTORY does _not_ end with a slash, a slash and the user's name are
# appended to the string. If HOME_DIRECTORY _does_ end with a slash, that
# string is not modified and is used for the user's directory. The same holds
# for the command line. If the user is found in PASSWORD_FILE, that value is
# used unless HOME_DIRECTORY was specified at the command line.
HOME_DIRECTORY = /home

# You should not set MIN_UIDNUMBER < 100 unless you know what you are doing
# You should not set MIN_GIDNUMBER < 100 unless you know what you are doing
# (low IDs are conventionally reserved for system accounts and groups)
# MAX_{GID,UID}NUMBER should be set at something that your operating platform
# supports
# You should adjust ID_MAX_PASSES so that you don't have to change it
# frequently but it doesn't take forever to find a number
# USERS_GID should not be in the range of {MIN_GIDNUMBER,MAX_GIDNUMBER}
# NOTE(review): USERS_GID = 100 further down equals MIN_GIDNUMBER; if the
# range is inclusive the sample values contradict the rule above - confirm.
MAX_UIDNUMBER = 10000
MIN_UIDNUMBER = 100
MAX_GIDNUMBER = 10000
MIN_GIDNUMBER = 100
ID_MAX_PASSES = 1000

# The USERGROUPS variable can be either "yes" or "no". If "yes" each
# created user will be given their own group to use as a default. If "no", each
# created user will be placed in the group whose gid is USERS_GID (see below).
USERGROUPS = yes

# If USERGROUPS is "no", then USERS_GID should be the GID of the group
# `users' (or the equivalent group) on your system. If this is unspecified, we
# default to 100
USERS_GID = 100

# If RANDOM is false, the next sequential UID or GID will be used
# If RANDOM is true, the first unused random UID or GID found will be used
RANDOM = "false"

# The GECOS is a string for use with populating the gecos field during a
# useradd. This is not required, but many people like it.
GECOS = "Ldap User"

# The DEFAULT_PASSWORD is probably a bad idea, but some people may need it.
# This is only used for useradds
# NOTE(review): a shared initial password is known to everyone who can read
# this file or who has ever been given it; leave this commented out unless
# every new account is forced to change it before first use.
# DEFAULT_PASSWORD = "secret"

# A password file and shadow file to pull users from, or just passwords
# NOTE(review): these files hold password data; keep them readable by root
# only, like this configuration file.
PASSWORD_FILE = "/etc/passfile"
SHADOW_FILE = "/etc/shadowfile"

# This is the default HASH to use for passwords. Currently CPU supports:
# md5, smd5, sha1, ssha1, and crypt
# This can be modified on the command line with the -H option
# NOTE(review): unsalted md5 is a weak choice for stored passwords. Of the
# listed options, smd5/ssha1 are presumably the salted variants and crypt
# depends on the platform's crypt(3); pick the strongest one your directory
# and its clients accept.
HASH = "md5"

# These are not required, except by perhaps your authentication backend.
# see shadow(3) for more details
# NOTE(review): "SHADOWWARING" looks like a misspelling of SHADOWWARNING, but
# the key name is read by the parser - confirm the spelling cpu expects
# before renaming it.
SHADOWLASTCHANGE = 11192
SHADOWMAX = 99999
SHADOWWARING = 7
SHADOWEXPIRE = -1
SHADOWFLAG = 134538308
SHADOWMIN = -1
SHADOWINACTIVE = -1

# ADD_SCRIPT and DEL_SCRIPT work the same, however ADD_SCRIPT is
# used only for a useradd operation and DEL_SCRIPT is used only
# for a userdel operation. These can be overridden via the command
# line switch -X. If specified in the configuration file or at the
# command line, the script is executed after a successful useradd
# or userdel. The first argument to the script is the login name
# as specified at the command line.
# NOTE(review): both sample paths are relative, so the script that runs
# presumably depends on the directory cpu is started from. Since cpu is
# normally run with administrative rights, use absolute paths to scripts that
# only root can write, and have the scripts quote the login-name argument.
ADD_SCRIPT = "contrib/postaddscript.sh"
DEL_SCRIPT = "foo.sh"