Solaris Trusted Extensions Administrator's Procedures

ProcedureHow to Change Security Defaults in System Files

In Trusted Extensions, the security administrator changes or accesses default security settings on a system.

Files in the /etc/security and /etc/default directories contain security settings. On a Solaris system, superuser can edit these files. For Solaris security information, see Chapter 3, Controlling Access to Systems (Tasks), in System Administration Guide: Security Services.

Caution – Caution –

Relax system security defaults only if site security policy allows you to.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Use the trusted editor to edit the system file.

    For details, see How to Edit Administrative Files in Trusted Extensions.



    For More Information 


    Reduce the allowed number of password tries. 

    See the example under How to Monitor All Failed Login Attempts in System Administration Guide: Security Services.

    passwd(1) man page


    Disable keyboard shutdown. 

    How to Disable a System’s Abort Sequence in System Administration Guide: Security Services

    Note –

    On hosts that are used by administrators for debugging, the default setting for KEYBOARD_ABORT allows access to the kadb kernel debugger. For more information about the debugger, see the kadb(1M) man page.


    Require a more powerful algorithm for user passwords. 

    Remove a basic privilege from all users of this host. 

    Restrict users of this host to Basic Solaris User authorizations. 

    policy.conf(4) man page


    Require users to change passwords frequently. 

    Require users to create maximally different passwords. 

    Require a longer user password. 

    Require a password that cannot be found in your dictionary. 

    passwd(1) man page