
Securing Users and Processes in Oracle® Solaris 11.4


Updated: November 2020
 
 

Setting Account Policy During Automated Installation

The account-policy settings are best applied as part of an Automated Installation (AI), through an SMF profile.

The following SMF profile example enables stenciling for all account-policy configuration files and sets selected properties. This AI profile would be delivered into /etc/svc/profile/{node,site,enterprise} by a customer's IPS package during initial AI.

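<?xml version='1.0' encoding='US-ASCII'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<!--
  Site profile for the system/account-policy service. It enables the default
  instance, turns on stenciling for four configuration files, and sets three
  login_policy properties.
-->
<service_bundle type="profile" name="site-account-policy">
  <service version="1" type="service" name="system/account-policy">
    <!-- Enable stenciling by enabling the default instance. -->
    <instance name="default" enabled="true"/>

    <!--
      One configfile group per stenciled file; disabled=false switches
      stenciling on for that file. The group names suggest /etc/default/login,
      /etc/default/passwd, /etc/default/su and /etc/security/policy.conf.
      NOTE(review): once a file is stenciled it is presumably generated from
      the SMF properties, so hand edits to it would not persist. Confirm
      before rollout and manage these settings through SMF only.
    -->
    <property_group name="config" type="system">
      <property_group name="etc_default_login" type="configfile">
        <propval type="boolean" name="disabled" value="false"/>
      </property_group>
      <property_group name="etc_default_passwd" type="configfile">
        <propval type="boolean" name="disabled" value="false"/>
      </property_group>
      <property_group name="etc_default_su" type="configfile">
        <propval type="boolean" name="disabled" value="false"/>
      </property_group>
      <property_group name="etc_security_policyconf" type="configfile">
        <propval type="boolean" name="disabled" value="false"/>
      </property_group>
    </property_group>

    <!-- Set account policy -->
    <property_group name="login_policy">
      <!--
        NOTE(review): disabletime=0 appears to remove the pause that login
        applies after repeated failed attempts (DISABLETIME in login(1)).
        That pause slows password guessing; confirm 0 is intended for the
        site, or choose a non-zero value.
      -->
      <propval name="disabletime" type="count" value="0"/>
      <!--
        Selects the PAM policy named "ldap". NOTE(review): presumably needs a
        working LDAP client configuration on the installed system; confirm.
      -->
      <propval name="pam_policy" type="astring" value="ldap"/>
      <!--
        NOTE(review): annotation=yes presumably makes a session annotation
        mandatory at login; confirm against the account-policy man page.
      -->
      <propval name="annotation" type="astring" value="yes"/>
    </property_group>

  </service>
</service_bundle>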