The setting of account-policy is best done as part of an Automated Installation (AI) through an SMF profile.
The following SMF profile example enables stenciling for all account-policy configuration files and sets selected properties. This AI profile would be delivered into /etc/svc/profile/{node,site,enterprise} by a customer's IPS package during initial AI.
<?xml version='1.0' encoding='US-ASCII'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="site-account-policy"> <service version="1" type="service" name="system/account-policy"> <!-- Enable stenciling --> <instance name="default" enabled="true" /> <property_group name="config" type="system"> <property_group name="etc_default_login" type="configfile"> <propval type="boolean" name="disabled" value="false"/> </property_group> <property_group name="etc_default_passwd" type="configfile"> <propval type="boolean" name="disabled" value="false"/> </property_group> <property_group name="etc_default_su" type="configfile"> <propval type="boolean" name="disabled" value="false"/> </property_group> <property_group name="etc_security_policyconf" type="configfile"> <propval type="boolean" name="disabled" value="false"/> </property_group> </property_group>' <!-- Set account policy --> <property_group name="login_policy"> <propval name="disabletime" type="count" value="0"/> <propval name="pam_policy" type="astring" value="ldap"/> <propval name="annotation" type="astring" value="yes"/> </property_group> </service> </service_bundle>