Package: login Version: 1:4.8.1-1 The YESCRYPT method not listed in man pages of login.defs, YESCRYPT_COST_FACTOR option should be listed in login.defs too (same for man page).
~# grep -B10 "ENCRYPT_METHOD " /etc/login.defs # # If set to MD5 , MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password # If set to DES, DES-based algorithm will be used for encrypting password (default) # Overrides the MD5_CRYPT_ENAB option # # Note: It is recommended to use a value consistent with # the PAM modules configuration. # ENCRYPT_METHOD SHA512 Which is inconsistent with PAM common-password configuration ~# cat /etc/pam.d/common-password |grep pam_unix.so password [success=1 default=ignore] pam_unix.so obscure yescrypt
