policy.conf File Defaults
The following table shows the default settings in the policy.conf file.
Table 3-2 Security Defaults for Users and Roles in the policy.conf|
Attribute |
Keyword with Default Setting |
System Default |
|---|---|---|
|
authorizations (from auth_attr(4) database) |
#AUTHS_GRANTED= |
none |
|
idle action: logout | lock |
IDLECMD=lock (applies to users only) |
lock |
|
idle time: 1 - 120 minutes or Forever |
IDLETIME=30 (applies to users only) |
30 minutes |
|
show or hide labels: hidesl | showsl |
LABELVIEW=showsl |
showsl |
|
lock after bad password limit is exceeded: yes | no |
LOCK_AFTER_RETRIES=yes |
yes |
|
method of password generation: manual | auto |
PASSWORD=manual |
manual |
|
profiles (from prof_attr(4) database) |
PROFS_GRANTED= |
Basic Solaris User |
So, users by default are authorized to view SMC data and to edit their own cron jobs; their system locks after 30 minutes of no activity; they can see the label that they are working in; they will not be able to log in if they fail to provide the correct password for three consecutive tries; they must type in a new password (possibilities will not be generated for them); and they can execute all commands and actions on the system without privilege.
The authorizations (AUTHS_GRANTED) and rights profiles (PROFS_GRANTED) that are defined in this file are in addition to any authorizations and profiles assigned to individual accounts. For the other fields, the following algorithm determines which value the system uses:
-
If the administrator explicitly set a value in the Solaris Management Console when creating the user, use that value.
-
Otherwise, use the value in the policy.conf file.
- © 2010, Oracle Corporation and/or its affiliates