We used to have different numbers of blowfish rounds between the
default and daemon classes in login.conf. On Jun 26, 2016, tedu
committed "upgrade selected login.conf to use auto rounds for bcrypt"
for amd64, sparc64, i386, and maccpc.
Since the class daemon inherits from the default class, the
:localcipher=blowfish,a:\
is a duplicate.
ok millert@ deraadt@ sthen@

responsive during packages compilation, especially on slower machines.
feedback welcome from people building ports
discussed with deraadt@

ok semarie@

ok deraadt@

raising openfiles-cur above the implicit -max value (1024 on at least the
common arch) results in the setting not being applied at all.
Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about
openfiles= from millert@ - changes in this version are to use 1024 for -max
rather than 512 to avoid changing the existing hard limit, and just use
openfiles= for bgpd/unbound where max and cur are the same value.

already does this, so we don't want to go backwards on password changes.
ok krw

and pwd_gensalt.c - so remove it from the default /etc/login.conf files as well.
ok millert@

than the daemon class' default of 128.  Reminded by/ok ajacoutot@

ok henning@

ok deraadt millert

initially intended for YubiKey, jmc@ noted that list was out of date.
ok deraadt@, jmc@

already there).
ok sthen@ millert@ gilles@ deraadt@

Use bgpd(8) for this which on a peering router often needs openfiles-cur
to be higher than the default. ok henning@ claudio@ deraadt@

ok deraadt

with new binutils without tweaking datasize. ok deraadt@ millert@

really want this.  secure by default, and as i say, bite me.  millert
and markus and miod ok

o no longer install passwd.conf (but it is used if it exists and the
needed info is not in login.conf)
o added passwordtime and minpasswordlen login.conf variables

setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.