1 files changed, 27 insertions, 2 deletions

diff --git a/source/a/shadow/login.defs b/source/a/shadow/login.defs
index e52f91a53..0e137a35a 100644
--- a/source/a/shadow/login.defs
+++ b/source/a/shadow/login.defs
@@ -30,6 +30,15 @@ LOG_OK_LOGINS		no
 LASTLOG_ENAB		yes
 
 #
+# Limit the highest user ID number for which the lastlog entries should
+# be updated.
+#
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
+# lastlog entries.
+#
+#LASTLOG_UID_MAX
+
+#
 # Enable checking and display of mailbox status upon login.
 #
 # Disable if the shell startup files already check for mail
@@ -297,6 +306,7 @@ CHFN_RESTRICT		frwh
 # If set to MD5 , MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
 # Overrides the MD5_CRYPT_ENAB option
 #
@@ -315,8 +325,23 @@ ENCRYPT_METHOD SHA256
 # If only one of the MIN or MAX values is set, then this value will be used.
 # If MIN > MAX, the highest value will be used.
 #
-# SHA_CRYPT_MIN_ROUNDS 5000
-# SHA_CRYPT_MAX_ROUNDS 5000
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# Only works if ENCRYPT_METHOD is set to BCRYPT.
+#
+# Define the number of BCRYPT rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, 13 rounds will be attempted.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#BCRYPT_MIN_ROUNDS 13
+#BCRYPT_MAX_ROUNDS 13
 
 #
 # List of groups to add to the user's supplementary group set