
NAME

       cpu.conf - cpu configuration file

DESCRIPTION

       This  file stores all configurable options for CPU and CPU modules. You
       can specify the location  of  the  configuration  file  at  runtime  by
       specifying  the --config or -C command line switches (see cpu(8)). Each
       CPU module  has  its  own  configuration  section,  but  they  are  all
       documented here. It is recommended that the config file have strict
       permissions such as 600. Configuration options take the format
       option = value, and section headers take the format [HEADER].

GLOBAL OPTIONS

       Global options should be under the section marked [GLOBAL]. All options
       under this section impact all operations.

       DEFAULT_METHOD = method
              Specifies  what the default administration method is. This value
              should be a string of either ldap or passwd.

       CRACKLIB_DICTIONARY = file
              If CPU was compiled --with-libcrack file should be the  location
              of cracklib_dict.

LDAP OPTIONS

       LDAP  options should be under the section marked [LDAP].  These options
       are only useful when DEFAULT_METHOD is set to ldap  or  when  ldap  was
       specified  at  the  command  line with the -M switch. These options are
       only used by the LDAP module.

       LDAP_HOST = hostname
              hostname should be either the IP address or the hostname of  the
              server  running  the  LDAP directory that you wish to administer
              users on. This can  be  overridden  with  the  -N  command  line
              switch.

       LDAP_PORT = port
              port is the port that the LDAP server specified by LDAP_HOST is
              listening on. This value must be non-negative. This can be
              overridden by the -P command line switch.

       BIND_DN = dn
              dn  should  be  the  fully  qualified  DN of an LDAP entity with
              appropriate rights to perform any actions that  you  wish.  This
              value can be overridden by the -D command line switch.

       BIND_PASS = password
              password  is  the  password  of the entity specified by BIND_DN.
              This value is passed directly to the server, so it may be stored
              encrypted  if  your  server  supports  this.  This  value can be
              overridden by the -w command line switch.

       USER_BASE = base_dn
              base_dn is the base dn that users should be added to, searched
              for, deleted from, or modified in. In general, if you wish to
              add a user to the following dn: ou=users,o=company,c=us base_dn
              should be set to ou=users,o=company,c=us. If you set this value
              to o=company,c=us users will be added to that dn, although for
              searching purposes the scope is broader. This value can be
              overridden at the command line with the -U switch.

       GROUP_BASE = base_dn
              base_dn is the base dn that groups should be added to, searched
              for, deleted from, or modified in. In general, if you wish to
              add a group to the following dn: ou=group,o=company,c=us base_dn
              should be set to ou=group,o=company,c=us. If you set this value
              to o=company,c=us groups will be added to that dn, although for
              searching purposes the scope is broader. This value can be
              overridden at the command line with the -B switch.

       USER_OBJECT_CLASS = object_class

       GROUP_OBJECT_CLASS = object_class
              object_class is a comma separated list of object classes that
              are required by your LDAP directory's schema in order to add or
              modify users and groups. The default should be fine; consult
              your vendor's documentation or contact
              cpu-users@lists.sourceforge.net if you have problems.

       USER_FILTER = filter

       GROUP_FILTER = filter
              filter is a filter that adheres to the following BNF:
                      <filter> ::= '(' <filtercomp> ')'
                      <filtercomp> ::= <and> | <or> | <not> | <simple>
                      <and> ::= '&' <filterlist>
                      <or> ::= '|' <filterlist>
                      <not> ::= '!' <filter>
                      <filterlist> ::= <filter> | <filter> <filterlist>
                      <simple> ::= <attributetype> <filtertype> <attributevalue>
                      <filtertype> ::= '=' | '~=' | '<=' | '>='
              These filters are utilized to locate users and groups, as well
              as to aid in finding new uids and gids.

       USER_CN_STRING = string
              string  is  used  during user creation. It allows you to specify
              the dn of the user. The dn becomes string=login,...

       GROUP_CN_STRING = string
              string is used during group creation. It allows you  to  specify
              the dn of the group. The dn becomes string=groupname,...

       TIMEOUT = timeout
              timeout  should  be  a  value  in seconds and greater than 0. If
              unspecified  the  default  is  60.  This  value  determines  the
              duration after which an operation should be aborted.

       The  following  options  are  still used by the [LDAP] section, but are
       more user centric and less ldap centric.

       SKEL_DIR = dir
              dir should be the path for a directory  that  files  are  to  be
              copied from when -m is given at the command line. This value can
              be overridden by the -k command line switch.

       DEFAULT_SHELL = shell
              The default name of the user’s login shell. This  value  can  be
              overridden by the -s command line switch.

       HOME_DIRECTORY = directory
              New users will be created using directory prepended to the
              user's login name. If this variable is undefined, it must be
              specified at the command line with the -d switch. When specified
              at the command line, that value is used for the user's home
              directory.

       MAX_UIDNUMBER = integer

       MIN_UIDNUMBER = integer

       MAX_GIDNUMBER = integer

       MIN_GIDNUMBER = integer

       ID_MAX_PASSES = integer
              These values control gid and uid generation. When a uid is not
              specified at the command line (for a useradd), these values are
              used for finding the next unused uid (random or linear). The
              same applies to gids for groupadd. These are pretty self
              evident. ID_MAX_PASSES is the number of times that a search
              should be performed before giving up.

       RANDOM = true or false
              If RANDOM is true, then a random number will be generated and
              searched for (this number, if unused in the directory, will be
              the user's uid or a group's gid). If a user or group with that
              ID exists, the process will continue for ID_MAX_PASSES. If true,
              a linear scan will be done starting at MIN_UIDNUMBER (or
              MIN_GIDNUMBER) and will not stop until an unused ID is found or
              the number of scans is equal to ID_MAX_PASSES. If random is
              false, only one query is done on the directory, but it may still
              be a bit slower than setting random to true in some cases.

       USERGROUPS =  yes or no
              USERGROUPS can be either yes or no. If yes, each created user
              will be given their own group to use as a default. If no, each
              created user will be placed in the group whose gid is
              USERS_GID.

       USERS_GID =  integer
              If USERGROUPS is no, then USERS_GID should be the GID of the
              group that created users are placed in. The default is 100.

       GECOS = string
              The  default  value  for  a  user’s  gecos  field.  This  can be
              overridden at the command line with the -c switch.

       PASSWORD_FILE = file
              The value should be a Unix  style,  passwd  formatted  file.  In
              order  to  use  this  value  the  -F  switch must be used at the
              command line. This value can be empty if a file is provided with
              the -F switch. In this case, the user's attributes are taken
              from the file (if the user is found) and used in the LDAP entry.

       SHADOW_FILE = file
              The value should be a Unix  style,  shadow  formatted  file.  In
              order  to  use  this  value  the  -S  switch must be used at the
              command line. This value can be empty if a file is provided with
              the -S switch. In this case, the user's attributes are taken
              from the file (if the user is found) and used in the LDAP entry
              (including the password).

       HASH = hash
              hash is the scheme to be used when hashing user passwords: one
              of clear, crypt, sha1, ssha1, md5, or smd5. This is largely
              implementation dependent but all are supported. If you are
              taking passwords from a standard password file, this should be
              clear (I think, need to check...). This can be overridden at the
              command line with the -H switch.

       SHADOWLASTCHANGE = integer

       SHADOWMAX = integer

       SHADOWWARING = integer

       SHADOWEXPIRE = integer

       SHADOWFLAG = integer

       SHADOWMIN = integer

       SHADOWINACTIVE = integer
              These  values  are  better  documented  in  shadow(3)   and   in
              shadow(5).   These  are  not required by RFC2307 but are by some
              ldap authentication implementations. These values  can  only  be
              specified  here,  or  taken from an existing shadow file for the
              user.

       ADD_SCRIPT = executable

       DEL_SCRIPT = executable
              ADD_SCRIPT and DEL_SCRIPT work the same way; however, ADD_SCRIPT
              is used only for a useradd operation and DEL_SCRIPT is used only
              for a userdel operation. These can be overridden via the command
              line switch -X. If specified in the configuration file or at the
              command line, the script is executed after a successful useradd
              or userdel. The first argument to the script is the login name
              as specified at the command line.
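
       The following check is an added example, not part of the cpu
       distribution: it audits a cpu.conf for the points this page raises
       (permissions looser than 600 while BIND_PASS is stored, the HASH
       choice, and writable ADD_SCRIPT/DEL_SCRIPT targets). The function
       name and sample values are hypothetical; it assumes clear means no
       hashing and that md5 and sha1 are the unsalted forms of smd5 and ssha1.

```python
import configparser, os, stat, sys, tempfile

# Constructed sample; it uses only options documented on this page.
SAMPLE = """\
[GLOBAL]
DEFAULT_METHOD = ldap

[LDAP]
BIND_DN = cn=admin,o=company,c=us
BIND_PASS = example-secret
HASH = clear
ADD_SCRIPT = /usr/local/sbin/post-useradd
"""

def audit_cpu_conf(path):
    """Return a list of findings for the cpu.conf file at path."""
    findings = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep option names in the documented case
    with open(path) as fh:
        cfg.read_file(fh)
    ldap = dict(cfg["LDAP"]) if cfg.has_section("LDAP") else {}

    # The page recommends strict permissions such as 600.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        detail = "holds BIND_PASS" if ldap.get("BIND_PASS") else "no BIND_PASS"
        findings.append(f"mode {mode:03o} is looser than 600 ({detail})")

    # Assumption: clear = no hashing; md5/sha1 = unsalted smd5/ssha1.
    scheme = ldap.get("HASH", "").lower()
    if scheme == "clear":
        findings.append("HASH = clear: passwords are not hashed")
    elif scheme in ("md5", "sha1"):
        findings.append(f"HASH = {scheme}: unsalted, prefer s{scheme}")

    # Scripts run after useradd/userdel: only the owner may modify them.
    for opt in ("ADD_SCRIPT", "DEL_SCRIPT"):
        script = ldap.get(opt)
        if script and os.path.exists(script) and os.stat(script).st_mode & 0o022:
            findings.append(f"{opt} {script} is group- or world-writable")
    return findings

if __name__ == "__main__":
    # With no argument, audit the constructed sample from a temp file.
    with tempfile.NamedTemporaryFile("w", suffix=".conf") as tmp:
        tmp.write(SAMPLE)
        tmp.flush()
        target = sys.argv[1] if len(sys.argv) > 1 else tmp.name
        print("\n".join(audit_cpu_conf(target)))
```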

PASSWD OPTIONS

       Password options should be under the  section  marked  [PASSWD].  These
       options  are  only  useful when DEFAULT_METHOD is set to passwd or when
       passwd was specified at the command line  with  the  -M  switch.  These
       options  are  only  used  by  the passwd module. This module is not yet
       functional, so I won’t document the options.

SEE ALSO

       cpu-ldap(8) cpu(8)

AUTHORS

       Blake Matheny <bmatheny@purdue.edu>

       The current version of this software is always available at
       http://cpu.sourceforge.net

BUGS

       To report a bug or problem, please e-mail:

       cpu-users@lists.sourceforge.net

TODO

       See  TODO  file  that  accompanied  software. Please e-mail us with any
       additional suggestions.

                               17 February 2003