|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 10 1/13 What's New Oracle Solaris 10 1/13 Information Library|
This section describes security enhancements in this release.
Starting with the Oracle Solaris 10 1/13 release, the 64-bit version of the openssl command-line utility is available in the /usr/sfw/bin/sparcv9 and /usr/sfw/bin/amd64 directories. You can use the 64-bit version of the openssl command to perform benchmark testing and functional testing of the OpenSSL libraries in 64-bit mode.
Note - The 32-bit version of the openssl command is located in the /usr/sfw/bin/openssl directory.
For more information, see the openssl(5) man page.
The new RESTRICTIVE_LOCKING option in the /etc/security/policy.conf file makes the password and account creation behavior, which was introduced in the Oracle Solaris 10 9/10 and Oracle Solaris 10 8/11 releases, optional.
The default behavior of the RESTRICTIVE_LOCKING option retains the following changes:
Assigning a new password does not unlock a locked account
Account lockout requires two steps for NOLOGIN accounts
If the RESTRICTIVE_LOCKING option is set to NO in the policy.conf file, the security administrators can configure systems in one of the following ways:
Retain the restrictive locking policies that were introduced in the Oracle Solaris 10 9/10 and Oracle Solaris 10 8/11 releases
Retain compatibility with Sun Identity Manager, third-party, or site-developed security systems that have been programmed to expect the behavior of passwd(1), useradd(1M), and related utilities
For more information about the RESTRICTIVE_LOCKING option, see the /etc/security/policy.conf file. Also, see the passwd(1) and policy.conf(4) man pages.