Enhanced crypt() Function for Software Developers

This feature is new in the Software Express pilot program and in the Solaris 9 12/02 release. This feature is included in the Solaris 10 3/05 release.

The Software Express releases include new extensions to the crypt() function and introduce the crypt_gensalt()function. These enhancements allow administrators to change the algorithm that is used to obscure users' UNIX login passwords.

Modules are included for MD5 and Blowfish. The MD5 modules are at crypt_sunmd5 and crypt_bsdmd5. The Blowfish module is at crypt_bsdbf.

Developers can create new modules for alternate password-obscuring algorithms. Application developers must use the crypt_gensalt() function instead of manually generating the salt string for passing to the crypt() function.

Modules for alternate algorithms are specified in the crypt.conf(4) file. The module_path field specifies the path to the shared library object that implements the two required functions:

• crypt_gensalt_impl() – Generates the salt string

• crypt_genhash_impl() – Generates the encrypted password

For further information, see the crypt(3C) and the policy.conf(4) man pages.