Enhanced crypt() Function

Password encryption protects passwords from being read by intruders. Three strong password encryption modules are now available in the software:  

• A version of Blowfish that is compatible with BSD systems

• A version of MD5 that is compatible with BSD and Linux systems

• A stronger version of MD5 that is compatible with other Solaris 9 12/02 systems

For information on how to protect your user passwords with these new encryption modules, see the System Administration Guide: Security Services. For information on the strength of the modules, see the crypt_bsdbf(5), crypt_bsdmd5(5), and crypt_sunmd5(5) man pages.

12/02 

Password Management Feature in pam_ldap

The pam_ldap password management feature strengthens the overall security of the LDAP Naming Service when used in conjunction with the Sun ONE Directory Server (formerly iPlanet Directory Server). Specifically, the password management feature does the following:

• Allows for tracking password aging and expiration

• Prevents users from choosing trivial or previously used passwords

• Warns users if their passwords are about to expire

• Locks out users after repeated login failures

• Prevents users, other than the authorized system administrator, from deactivating initialized accounts

For further information on Solaris naming and directory services, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). For information about Solaris security features, see the System Administration Guide: Security Services.

12/02 

PAM Enhancement

The Pluggable Authentication Module (PAM) framework was expanded by including a new control flag. The new control flag provides the ability to skip additional stack processing. This skipping is enabled if the current service module is successful and if no failure occurred on the previous mandatory modules. 

For more information about this change, see the System Administration Guide: Security Services.

12/02