This feature is new in the Software Express pilot program and in the Solaris 9 12/02 release. This feature is included in the Solaris 10 3/05 release.
The Software Express releases include new extensions to the crypt() function and introduce the crypt_gensalt()function. These enhancements allow administrators to change the algorithm that is used to obscure users' UNIX login passwords.
Modules are included for MD5 and Blowfish. The MD5 modules are at crypt_sunmd5 and crypt_bsdmd5. The Blowfish module is at crypt_bsdbf.
Developers can create new modules for alternate password-obscuring algorithms. Application developers must use the crypt_gensalt() function instead of manually generating the salt string for passing to the crypt() function.
Modules for alternate algorithms are specified in the crypt.conf(4) file. The module_path field specifies the path to the shared library object that implements the two required functions:
crypt_gensalt_impl() – Generates the salt string
crypt_genhash_impl() – Generates the encrypted password
For further information, see the crypt(3C) and the policy.conf(4) man pages.