diff --git a/trunk/FS66068.patch b/trunk/FS66068.patch
new file mode 100644
index 0000000..f0a4374
--- /dev/null
+++ b/trunk/FS66068.patch
@@ -0,0 +1,19 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index 4965d58..ff018c4 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -81,12 +81,12 @@ TTYPERM 0600
+ # 022 is the default value, but 027, or even 077, could be considered
+ # for increased privacy. There is no One True Answer here: each sysadmin
+ # must make up their mind.
+-UMASK 077
++UMASK 022
+
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
diff --git a/trunk/FS71393.patch b/trunk/FS71393.patch
new file mode 100644
index 0000000..df89441
--- /dev/null
+++ b/trunk/FS71393.patch
@@ -0,0 +1,13 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index ff018c4..3c24592 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -157,7 +157,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-ENCRYPT_METHOD SHA512
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index 22805a8..2935147 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -11,6 +11,7 @@ license=('BSD')
# libcap-ng needed by install scriptlet for 'filecap'
depends=('pam' 'acl' 'libacl.so' 'audit' 'libaudit.so' 'libcap-ng' 'libcap-ng.so'
'libxcrypt' 'libcrypt.so')
+makedepends=('itstool' 'libxslt')
backup=(etc/login.defs
etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
@@ -19,11 +20,15 @@ backup=(etc/login.defs
options=('!emptydirs')
validpgpkeys=('66D0387DB85D320F8408166DB175CFA98F192AF2') # Serge Hallyn
source=("https://github.com/shadow-maint/shadow/releases/download/v$pkgver/shadow-$pkgver.tar.xz"{,.asc}
+ shadow-4.8-ignore-login-prompt.patch # From Fedora
+ unsupported-options.patch
+ login.defs-arch.patch
+ FS66068.patch
+ FS71393.patch
LICENSE
chgpasswd
chpasswd
defaults.pam
- login.defs
newusers
passwd
shadow.{timer,service}
@@ -31,17 +36,34 @@ source=("https://github.com/shadow-maint/shadow/releases/download/v$pkgver/shado
install=shadow.install
sha1sums=('9cb767b86ff2b46e880b428e817972aa07b3a67c'
'SKIP'
+ '21c84f51d0bb9e61f00bc30bba7bf24778278995'
+ '85c4f80ffd4f0943e74fd57c66d13e1cbd193836'
+ 'b18cbd416a7f29ad3b298f4fe253aba7127dd466'
+ 'ad3c7621c2c64b5c53d7095faed66859c5c9a3f7'
+ 'f57f8336c71003aab0cfe28c6875de38bf9644a9'
'33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
'4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
- '81a02eadb5f605fef5c75b6d8a03713a7041864b'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'611be25d91c3f8f307c7fe2485d5f781e5dee75f'
'a154a94b47a3d0c6c287253b98c0d10b861226d0'
'b5540736f5acbc23b568973eb5645604762db3dd'
'c173208c5cf34528602f9931468a67b7f68abad3')
+prepare() {
+ cd "$pkgname-$pkgver"
+ patch -p1 -i ../shadow-4.8-ignore-login-prompt.patch # Do not complain about LOGIN_PLAIN_PROMPT option that is used by login from util-linux.
+ patch -p1 -i ../unsupported-options.patch # Remove uptions not supported due to use of pam or util-linux from login.defs.
+ patch -p1 -i ../login.defs-arch.patch # Set Arch defaults.
+ patch -p1 -i ../FS66068.patch # Changes to login.defs for FS#66068 should be merged into above patch if accepted.
+ patch -p1 -i ../FS71393.patch # Changes to login.defs for FS#71393 should be merged into above patch if accepted.
+ for _option in "${_unsupported_options[@]}"
+ do
+ sed -i -e "/${_option}.xml/d" -e "/\&${_option}\;/d" man/login.defs.5.xml
+ done
+}
+
build() {
cd "$pkgname-$pkgver"
@@ -57,8 +79,12 @@ build() {
--with-group-name-max-length=32 \
--with-audit \
--without-selinux \
- --without-su
+ --without-su \
+ --enable-man \
+ --with-bcrypt \
+ --with-yescrypt
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
make
}
@@ -80,9 +106,6 @@ package() {
install -d -m755 "$pkgdir/usr/lib/systemd/system/timers.target.wants"
ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
- # login.defs
- install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
-
# PAM config - custom
rm "$pkgdir/etc/pam.d"/*
install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers}
diff --git a/trunk/login.defs-arch.patch b/trunk/login.defs-arch.patch
new file mode 100644
index 0000000..9194f65
--- /dev/null
+++ b/trunk/login.defs-arch.patch
@@ -0,0 +1,76 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index 5c709e9..4965d58 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -1,8 +1,14 @@
+ #
+ # /etc/login.defs - Configuration control definitions for the shadow package.
+ #
+-# $Id$
++# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
++# If unspecified, some arbitrary (and possibly incorrect) value will
++# be assumed. All other items are optional - if not specified then
++# the described action or option will be inhibited.
+ #
++# Comment lines (lines beginning with "#") and blank lines are ignored.
++#
++# Modified for Linux. --marekm
+
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+@@ -27,7 +33,7 @@ SYSLOG_SG_ENAB yes
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+ #
+@@ -51,8 +57,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -75,7 +81,7 @@ TTYPERM 0600
+ # 022 is the default value, but 027, or even 077, could be considered
+ # for increased privacy. There is no One True Answer here: each sysadmin
+ # must make up their mind.
+-UMASK 022
++UMASK 077
+
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+@@ -99,7 +105,7 @@ PASS_WARN_AGE 7
+ UID_MIN 1000
+ UID_MAX 60000
+ # System accounts
+-SYS_UID_MIN 101
++SYS_UID_MIN 500
+ SYS_UID_MAX 999
+ # Extra per user uids
+ SUB_UID_MIN 100000
+@@ -112,7 +118,7 @@ SUB_UID_COUNT 65536
+ GID_MIN 1000
+ GID_MAX 60000
+ # System accounts
+-SYS_GID_MIN 101
++SYS_GID_MIN 500
+ SYS_GID_MAX 999
+ # Extra per user group ids
+ SUB_GID_MIN 100000
+@@ -151,7 +157,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
diff --git a/trunk/options.patch b/trunk/options.patch
new file mode 100644
index 0000000..d496dd8
--- /dev/null
+++ b/trunk/options.patch
@@ -0,0 +1,503 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index a2f8cd50..eebf0d99 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -11,26 +11,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -41,48 +26,10 @@ LASTLOG_ENAB yes
+ #LASTLOG_UID_MAX
+
+ #
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
++# Enable "syslog" logging of newgrp(1) and sg(1) activity.
+ #
+-SYSLOG_SU_ENAB yes
+ SYSLOG_SG_ENAB yes
+
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+@@ -90,38 +37,6 @@ CONSOLE /etc/securetty
+ MOTD_FILE /etc/motd
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +54,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +75,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +94,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +136,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,13 +144,6 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+ #
+ # Only works if compiled with MD5_CRYPT defined:
+ # If set to "yes", new passwords will be encrypted using the MD5-based
+@@ -365,29 +204,12 @@ CHFN_RESTRICT rwh
+ #BCRYPT_MIN_ROUNDS 13
+ #BCRYPT_MAX_ROUNDS 13
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+ #
+ DEFAULT_HOME yes
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 9e95da20..36992c4b 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -31,67 +31,37 @@
+ -->
+
+
+-
+-
+-
+
+
+
+-
+
+
+-
+-
+-
+
+-
+-
+-
+
+
+
+-
+-
+-
+
+-
+
+
+-
+
+-
+
+
+
+
+-
+-
+-
+-
+-
+
+
+
+-
+-
+
+-
+-
+-
+
+
+
+
+-
+
+
+
+
+-
+
+-
+
+
+
+@@ -167,45 +137,24 @@
+ The following configuration items are provided:
+
+
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+ &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -215,25 +164,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+
+- &PASS_MAX_LEN;
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS;
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT;
+ &SUB_UID_COUNT;
+ &SYS_GID_MAX;
+ &SYS_UID_MAX;
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX;
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -359,35 +299,6 @@
+ LASTLOG_UID_MAX
+
+
+-
+- login
+-
+-
+- CONSOLE
+- CONSOLE_GROUPS DEFAULT_HOME
+- ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE
+- ERASECHAR FAIL_DELAY
+- FAILLOG_ENAB
+- FAKE_SHELL
+- FTMP_FILE
+- HUSHLOGIN_FILE
+- ISSUE_FILE
+- KILLCHAR
+- LASTLOG_ENAB LASTLOG_UID_MAX
+- LOGIN_RETRIES
+- LOGIN_STRING
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- ULIMIT UMASK
+- USERGROUPS_ENAB
+-
+-
+-
+-
+
+ newgrp / sg
+
+@@ -452,32 +363,6 @@
+
+
+
+-
+- su
+-
+-
+- CONSOLE
+- CONSOLE_GROUPS DEFAULT_HOME
+- ENV_HZ ENVIRON_FILE
+- ENV_PATH ENV_SUPATH
+- ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB
+- SULOG_FILE SU_NAME
+- SU_WHEEL_ONLY
+- SYSLOG_SU_ENAB
+- USERGROUPS_ENAB
+-
+-
+-
+-
+- sulogin
+-
+-
+- ENV_HZ
+- ENV_TZ
+-
+-
+-
+
+ useradd
+
+@@ -507,22 +392,6 @@
+
+
+
+- usermod
+-
+-
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- TCB_SYMLINKS USE_TCB
+-
+-
+-
+-
+- vipw
+-
+-
+- USE_TCB
+-
+-
+
+
+
diff --git a/trunk/shadow-4.8-ignore-login-prompt.patch b/trunk/shadow-4.8-ignore-login-prompt.patch
new file mode 100644
index 0000000..c93aae7
--- /dev/null
+++ b/trunk/shadow-4.8-ignore-login-prompt.patch
@@ -0,0 +1,11 @@
+diff -up shadow-4.8/lib/getdef.c.login-prompt shadow-4.8/lib/getdef.c
+--- shadow-4.8/lib/getdef.c.login-prompt 2020-01-13 10:38:44.852796681 +0100
++++ shadow-4.8/lib/getdef.c 2020-01-13 10:39:54.472612511 +0100
+@@ -98,6 +98,7 @@ static struct itemdef def_table[] = {
+ {"LASTLOG_UID_MAX", NULL},
+ {"LOGIN_RETRIES", NULL},
+ {"LOGIN_TIMEOUT", NULL},
++ {"LOGIN_PLAIN_PROMPT", NULL},
+ {"LOG_OK_LOGINS", NULL},
+ {"LOG_UNKFAIL_ENAB", NULL},
+ {"MAIL_DIR", NULL},