policy.conf(4)
NAME
policy.conf - configuration file for security policy
SYNOPSIS
/etc/security/policy.conf
DESCRIPTION
The policy.conf file provides the security policy configuration
for user-level attributes. Each entry consists of a
key/value pair in the form:
key=value
The following keys are defined:
AUTHS_GRANTED
Specify the default set of authorizations granted to
all users. This entry is interpreted by
chkauthattr(3SECDB). The value is one or more
comma-separated authorizations defined in auth_attr(4).
PROFS_GRANTED
Specify the default set of profiles granted to all
users. This entry is interpreted by
chkauthattr(3SECDB) and getexecuser(3SECDB). The value
is one or more comma-separated profiles defined in
prof_attr(4).
CRYPT_ALGORITHMS_ALLOW
Specify the algorithms that are allowed for new passwords.
This is enforced only in crypt_gensalt(3C).
CRYPT_ALGORITHMS_DEPRECATE
Specify the algorithm for new passwords that is to be
deprecated. For example, to deprecate use of the
traditional UNIX algorithm, specify
CRYPT_ALGORITHMS_DEPRECATE=__unix__ and change
CRYPT_DEFAULT= to another algorithm, such as
CRYPT_DEFAULT=1 for BSD and Linux MD5.
CRYPT_DEFAULT
Specify the default algorithm for new passwords. The
Solaris default is the traditional UNIX algorithm.
This is not listed in crypt.conf(4) since it is internal
to libc. The reserved name __unix__ is used to
refer to it.
The key/value pair must appear on a single line, and the key
must start the line. Lines starting with # are taken as
comments and ignored. Option name comparisons are
case-insensitive.
Only one CRYPT_ALGORITHMS_ALLOW or
CRYPT_ALGORITHMS_DEPRECATE value can be specified. Whichever
is listed first in the file takes precedence. The algorithm
specified for CRYPT_DEFAULT must either be specified for
CRYPT_ALGORITHMS_ALLOW or not be specified for
CRYPT_ALGORITHMS_DEPRECATE. If CRYPT_DEFAULT is not
specified, the default is __unix__.
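The line-format, precedence and consistency rules above, expressed as a Python check over the text of a policy.conf file. This is an added example, not part of the original manual page or of Solaris; the function names and sample files are constructed, and it assumes that CRYPT_ALGORITHMS_ALLOW and CRYPT_ALGORITHMS_DEPRECATE hold comma-separated algorithm names and that the last CRYPT_DEFAULT line wins.

```python
# Added example (not from the manual page): checks the CRYPT_* rules stated above.
# Assumption: ALLOW/DEPRECATE values are comma-separated algorithm names.
LIST_KEYS = ("CRYPT_ALGORITHMS_ALLOW", "CRYPT_ALGORITHMS_DEPRECATE")

def parse_policy(text):
    """Return (KEY, value) pairs in file order; key names are case-insensitive."""
    entries = []
    for line in text.splitlines():
        # Skip blanks and '#' comments; the key must start the line.
        if not line or line.startswith("#") or line[0].isspace() or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.append((key.strip().upper(), value.strip()))
    return entries

def audit_crypt_policy(text):
    """Return (effective CRYPT_DEFAULT, list of findings)."""
    findings, list_key, algs = [], None, set()
    default = "__unix__"  # documented default when CRYPT_DEFAULT is absent
    for key, value in parse_policy(text):
        if key in LIST_KEYS:
            if list_key is None:  # whichever is listed first takes precedence
                list_key = key
                algs = {a.strip() for a in value.split(",") if a.strip()}
            else:
                findings.append(f"{key} ignored: {list_key} is listed first")
        elif key == "CRYPT_DEFAULT":
            default = value  # assumption: the last CRYPT_DEFAULT line wins
    if list_key == "CRYPT_ALGORITHMS_ALLOW" and default not in algs:
        findings.append(f"CRYPT_DEFAULT={default} is not in {list_key}")
    elif list_key == "CRYPT_ALGORITHMS_DEPRECATE" and default in algs:
        findings.append(f"CRYPT_DEFAULT={default} is listed in {list_key}")
    return default, findings

# Constructed sample: deprecates __unix__ but never sets CRYPT_DEFAULT,
# and adds a second list key that is ignored.
SAMPLE_INCONSISTENT = """\
# constructed sample, not a real system file
AUTHS_GRANTED=com.sun.date
CRYPT_ALGORITHMS_DEPRECATE=__unix__
crypt_algorithms_allow=1
"""
# Constructed sample following the manual's deprecation example.
SAMPLE_CONSISTENT = "CRYPT_ALGORITHMS_DEPRECATE=__unix__\nCRYPT_DEFAULT=1\n"

if __name__ == "__main__":
    for name, text in (("inconsistent", SAMPLE_INCONSISTENT), ("consistent", SAMPLE_CONSISTENT)):
        print(name, audit_crypt_policy(text))
```
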
EXAMPLES
Example 1: Defining a key/value pair
AUTHS_GRANTED=com.sun.date
FILES
/etc/user_attr
Defines extended user attributes.
/etc/security/auth_attr
Defines authorizations.
/etc/security/prof_attr
Defines profiles.
/etc/security/policy.conf
Defines policy for the system.
SEE ALSO
pfexec(1), chkauthattr(3SECDB), getexecuser(3SECDB),
auth_attr(4), crypt.conf(4), prof_attr(4), user_attr(4)