When I uncomment some values (like PASS_MIN_LEN) in /etc/login.defs, I get errors when logging in. emerge --info Portage 2.1.6.13 (default/linux/amd64/10.0, gcc-4.3.2, glibc-2.9_p20081201-r2, 2.6.31-gentoo-r1 x86_64) ================================================================= System uname: Linux-2.6.31-gentoo-r1-x86_64-AMD_Athlon-tm-_II_X4_600e_Processor-with-gentoo-2.0.1 Timestamp of tree: Thu, 12 Nov 2009 04:00:01 +0000 ccache version 2.4 [disabled] app-shells/bash: 4.0_p28 dev-lang/python: 2.6.2-r1 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.5.1-r1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=amdfam10 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/fax /usr/share/config /var/spool/fax/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=amdfam10 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="en_US.utf8" LC_ALL="en_US.utf8" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="-q" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl amd64 berkdb bzip2 cli consolekit cracklib crypt cups dri fortran gdbm gnutls gpm iconv ipv6 loop-aes mmx modules mudflap multilib ncurses nls nptl nptlonly openmp pam pcre pppd python readline reflection session spl sse sse2 ssh ssl sysfs tcpd unicode xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="dav_fs dav_lock disk_cache access auth auth_basic authn_alias authn_anon authn_default authn_file dbd ext_filter file_cache mem_cache mime_magic proxy_connect proxy_http ident vhost_alias authn_dbd authz_default authn_dbm authz_dbm authz_groupfile authz_owner authz_user auth_dbm auth_anon auth_digest authz_host alias file-cache filter echo charset-lite cache disk-cache mem-cache ext-filter case_filter case-filter-in deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions userdir so" ELIBC="glibc" FRITZCAPI_CARDS="fcusb" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTDIR_OVERLAY # emerge shadow pam baselayout -pv These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] sys-apps/baselayout-2.0.1 USE="-build" 0 kB [ebuild R ] sys-libs/pam-1.0.4 USE="cracklib nls -audit (-selinux) -test -vim-syntax" 0 kB [ebuild R ] sys-apps/shadow-4.1.2.2 USE="cracklib nls pam -audit (-selinux) -skey" 0 kB Total: 3 packages (3 reinstalls), Size of downloads: 0 kB # su - testuser configuration error - unknown item 'FAILLOG_ENAB' (notify administrator) configuration error - unknown item 'LASTLOG_ENAB' (notify administrator) configuration error - unknown item 'PASS_MIN_LEN' (notify administrator) configuration error - unknown item 'CRACKLIB_DICTPATH' (notify administrator) configuration error - unknown item 'PASS_ALWAYS_WARN' (notify administrator) ~ $ The "Remove the thing from /etc/login.defs" comment in bug #131977 is not exactly helpful as I do want to enforce longer passwords. If this is not a bug, then why is this listed in login.defs AND how else can I set lower bounds for password length? thanks.
man pam.conf; man pam_unix login.defs is for when you *don't* use PAM.