On Tue, 2012-11-06 at 11:53 +0000, Moray Henderson wrote:

Sorry for the off-topic question: this is the only security-type list I'm a member of. Please point me to a better place to ask if there is one. I've just been looking at the 'rounds' options for sha512 password hashing.

According to the man pages, you can set rounds options in: 1) /etc/libuser.conf 2) pam_unix 3) /etc/login.defs. Now I'm confused: is this really 3 different places to set the same thing? Do they all need to be set? Which is used under what circumstances? What happens if they are set differently?

This is really off-topic here, but yes, you need to set them at all of the 3 places if you want them to be consistently applied across the various tools. If you are interested just in setting the rounds for password changes via passwd command and due to expiration on login, you can just set the value in PAM configuration in the pam_unix arguments.