policy.conf - configuration file for security policy
The policy.conf file provides the security policy configuration
for user-level attributes. Each entry consists of a
key/value pair in the form:
The following keys are defined:
Specify the default set of authorizations granted to
all users. This entry is interpreted by
chkauthattr(3SECDB). The value is one or more comma-separated
authorizations defined in auth_attr(4).
Specify the default set of profiles granted to all
users. This entry is interpreted by
chkauthattr(3SECDB) and getexecuser(3SECDB). The value
is one or more comma-separated profiles defined in
Specify the algorithms that are allowed for new passwords.
This is enforced only in crypt_gensalt(3C).
Specify the algorithm for new passwords that is to be
deprecated. For example, to deprecate use of the traditional
UNIX algorithm, specify
CRYPT_ALGORITHMS_DEPRECATE=__unix__ and change
CRYPT_DEFAULT= to another algorithm, such as
CRYPT_DEFAULT=1 for BSD and Linux MD5.
Specify the default algorithm for new passwords. The
Solaris default is the traditional UNIX algorithm.
This is not listed in crypt.conf(4) since it is internal
to libc. The reserved name __unix__ is used to
refer to it.
The key/value pair must appear on a single line, and the key
must start the line. Lines starting with # are taken as comments
and ignored. Option name comparisons are case-
Only one CRYPT_ALGORITHMS_ALLOW or
CRYPT_ALGORITHMS_DEPRECATE value can be specified. Whichever
is listed first in the file takes precedence. The algorithm
specified for CRYPT_DEFAULT must either be specified for
CRYPT_ALGORITHMS_ALLOW or not be specified for
CRYPT_ALGORITHMS_DEPRECATE. If CRYPT_DEFAULT is not specified,
the default is __unix__.
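The line-format and precedence rules above, as an added example that is not part of the original manual page: a small Python linter for the CRYPT_* keys. It assumes the key=value form seen in CRYPT_DEFAULT=1, comma-separated algorithm lists, and exact-case key matching; the function names are hypothetical.

```python
CRYPT_LISTS = ("CRYPT_ALGORITHMS_ALLOW", "CRYPT_ALGORITHMS_DEPRECATE")

def parse_crypt_policy(text):
    """Return (list_rule, default, ignored) for the CRYPT_* keys in text."""
    list_rule = None   # (key, [algorithms]) of the first ALLOW/DEPRECATE line
    default = None     # value of CRYPT_DEFAULT, if present
    ignored = []       # (line number, key) of entries that lose to an earlier one
    for lineno, line in enumerate(text.splitlines(), 1):
        # '#' lines are comments; the key must start the line, so an
        # indented key never matches the exact names tested below.
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # assumption: keys matched exact-case
        if key in CRYPT_LISTS:
            if list_rule is None:
                # Assumption: algorithms are comma-separated, like the other lists.
                list_rule = (key, [a.strip() for a in value.split(",") if a.strip()])
            else:
                ignored.append((lineno, key))
        elif key == "CRYPT_DEFAULT":
            if default is None:   # assumption: the first CRYPT_DEFAULT wins too
                default = value.strip()
            else:
                ignored.append((lineno, key))
    return list_rule, default, ignored

def check_crypt_policy(text):
    """Return a list of findings; an empty list means the keys are consistent."""
    list_rule, default, ignored = parse_crypt_policy(text)
    findings = [f"line {n}: {k} ignored, an earlier entry takes precedence"
                for n, k in ignored]
    effective = default if default is not None else "__unix__"
    if list_rule:
        key, algs = list_rule
        if key == "CRYPT_ALGORITHMS_ALLOW" and effective not in algs:
            findings.append(f"CRYPT_DEFAULT={effective} is not in CRYPT_ALGORITHMS_ALLOW")
        if key == "CRYPT_ALGORITHMS_DEPRECATE" and effective in algs:
            findings.append(f"CRYPT_DEFAULT={effective} is deprecated")
    return findings

# Constructed sample inputs (not taken from a real system).
GOOD = "# constructed sample\nCRYPT_ALGORITHMS_DEPRECATE=__unix__\nCRYPT_DEFAULT=1\n"
BAD = "CRYPT_ALGORITHMS_DEPRECATE=__unix__\nCRYPT_ALGORITHMS_ALLOW=1\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_crypt_policy(sample) or "consistent")
```

The BAD sample shows the case that is easy to miss: deprecating __unix__ without setting CRYPT_DEFAULT leaves the implicit default pointing at the deprecated algorithm.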
Example 1: Defining a key/value pair
Defines extended user attributes.
Defines policy for the system.
pfexec(1), chkauthattr(3SECDB), getexecuser(3SECDB),
auth_attr(4), crypt.conf(4), prof_attr(4), user_attr(4)