policy.conf(4)




NAME

     policy.conf - configuration file for security policy


SYNOPSIS

     /etc/security/policy.conf


DESCRIPTION

     The policy.conf file provides the security policy
     configuration for user-level attributes. Each entry consists
     of a key/value pair in the form:

          key=value

     The following keys are defined:

     AUTHS_GRANTED
           Specify the default set of authorizations granted to
           all users. This entry is interpreted by
           chkauthattr(3SECDB). The value is one or more
           comma-separated authorizations defined in auth_attr(4).

     PROFS_GRANTED
           Specify the default set of profiles granted to all
           users. This entry is interpreted by
           chkauthattr(3SECDB) and getexecuser(3SECDB). The value
           is one or more comma-separated profiles defined in
           prof_attr(4).

     CRYPT_ALGORITHMS_ALLOW
           Specify the algorithms that are allowed for new
           passwords. This is enforced only in crypt_gensalt(3C).

     CRYPT_ALGORITHMS_DEPRECATE
           Specify the algorithm for new passwords that is to be
           deprecated. For example, to deprecate use of the
           traditional UNIX algorithm, specify
           CRYPT_ALGORITHMS_DEPRECATE=__unix__ and change
           CRYPT_DEFAULT= to another algorithm, such as
           CRYPT_DEFAULT=1 for BSD and Linux MD5.

     CRYPT_DEFAULT
           Specify the default algorithm for new passwords. The
           Solaris default is the traditional UNIX algorithm.
           This is not listed in crypt.conf(4) since it is
           internal to libc. The reserved name __unix__ is used to
           refer to it.

     The key/value pair must appear on a single line, and the key
     must start the line. Lines starting with # are taken as
     comments and ignored. Option name comparisons are
     case-insensitive.

     Only one CRYPT_ALGORITHMS_ALLOW or
     CRYPT_ALGORITHMS_DEPRECATE value can be specified. Whichever
     is listed first in the file takes precedence. The algorithm
     specified for CRYPT_DEFAULT must either be specified for
     CRYPT_ALGORITHMS_ALLOW or not be specified for
     CRYPT_ALGORITHMS_DEPRECATE. If CRYPT_DEFAULT is not
     specified, the default is __unix__.


EXAMPLES

     Example 1: Defining a key/value pair

     AUTHS_GRANTED=com.sun.date
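
     Added example, not part of the original manual page: a Python
     sketch that checks the CRYPT_* rules stated in DESCRIPTION
     against the text of a policy.conf file. The function names,
     the comma-separated algorithm list, and first-entry-wins for
     a repeated CRYPT_DEFAULT are assumptions of this sketch.

```python
CRYPT_LISTS = ("CRYPT_ALGORITHMS_ALLOW", "CRYPT_ALGORITHMS_DEPRECATE")

def parse_policy(text):
    """Return (KEY, value) pairs in file order."""
    entries = []
    for line in text.splitlines():
        # '#' lines are comments. The key must start the line, so lines with
        # leading whitespace are skipped (this sketch's reading of that rule).
        if not line or line[0] == "#" or line[0].isspace() or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # Option names compare case-insensitively: normalise to upper case.
        entries.append((key.strip().upper(), value.strip()))
    return entries

def check_crypt_policy(text):
    """Return a list of problems found in the CRYPT_* entries."""
    entries = parse_policy(text)
    problems = []
    lists = [(k, v) for k, v in entries if k in CRYPT_LISTS]
    if len(lists) > 1:
        problems.append("more than one ALLOW/DEPRECATE entry; only the first, "
                        + lists[0][0] + ", takes effect")
    # Unset CRYPT_DEFAULT means __unix__. Assumption: first entry wins if repeated.
    default = next((v for k, v in entries if k == "CRYPT_DEFAULT"), "__unix__")
    if lists:
        key, value = lists[0]
        # Assumption: algorithm names are comma-separated.
        algs = {a.strip() for a in value.split(",") if a.strip()}
        if key == "CRYPT_ALGORITHMS_ALLOW" and default not in algs:
            problems.append("CRYPT_DEFAULT=" + default
                            + " is not in CRYPT_ALGORITHMS_ALLOW")
        if key == "CRYPT_ALGORITHMS_DEPRECATE" and default in algs:
            problems.append("CRYPT_DEFAULT=" + default
                            + " is listed in CRYPT_ALGORITHMS_DEPRECATE")
    return problems

# Constructed sample: __unix__ is deprecated but CRYPT_DEFAULT is left unset,
# so the effective default is still the deprecated algorithm.
SAMPLE = """\
# constructed sample policy.conf
AUTHS_GRANTED=com.sun.date
crypt_algorithms_deprecate=__unix__
"""

if __name__ == "__main__":
    for problem in check_crypt_policy(SAMPLE):
        print(problem)
```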


FILES

     /etc/user_attr
           Defines extended user attributes.

     /etc/security/auth_attr
           Defines authorizations.

     /etc/security/prof_attr
           Defines profiles.

     /etc/security/policy.conf
           Defines policy for the system.


SEE ALSO

     pfexec(1),     chkauthattr(3SECDB),     getexecuser(3SECDB),
     auth_attr(4), crypt.conf(4), prof_attr(4), user_attr(4)

