System Administration Guide: Security Services

How to Install a Password Encryption Module From a Third Party

A third-party password encryption algorithm is typically delivered as part of a software package. When you run the pkgadd command, scripts from the vendor should modify the /etc/security/crypt.conf file. You then modify the /etc/security/policy.conf file to include the new module and its identifier.

  1. Add the software by using the pkgadd command.

    For detailed instructions on how to add software, see “Adding or Removing a Software Package” in System Administration Guide: Basic Administration.

  2. Read the /etc/security/crypt.conf file to confirm that the new module and module identifier are in the list of encryption algorithms.

    For example, the following lines show a crypt.conf file that was modified by a package that installed the crypt_rot13 algorithm.


    # crypt.conf
    #
    md5 /usr/lib/security/$ISA/crypt_md5.so
    rot13 /usr/lib/security/$ISA/crypt_rot13.so
    
    # For *BSD - Linux compatibility
    # 1 is MD5,  2a is Blowfish
    1 /usr/lib/security/$ISA/crypt_bsdmd5.so
    2a /usr/lib/security/$ISA/crypt_bsdbf.so

  3. Modify the /etc/security/policy.conf file to add the identifier of the newly installed algorithm.

    The following lines show excerpts from the policy.conf file that would need to be modified to add the rot13 identifier.


    # Copyright 1999-2002 Sun Microsystems, Inc.  All rights reserved.
    # ...
    #ident  "@(#)policy.conf        1.6     02/06/07 SMI"
    # ...
    # crypt(3c) Algorithms Configuration
    CRYPT_ALGORITHMS_ALLOW=1,2a,md5,rot13
    #CRYPT_ALGORITHMS_DEPRECATE=__unix__
    CRYPT_DEFAULT=md5

In this example, the rot13 algorithm is used if the current password was encrypted with the crypt_rot13 algorithm. New user passwords are encrypted with the crypt_sunmd5 algorithm. This algorithm configuration works on Solaris-only networks.
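
A cross-check for steps 2 and 3, as an added example that is not part of the original guide: it lists every identifier named in CRYPT_ALGORITHMS_ALLOW or CRYPT_DEFAULT that has no module entry in crypt.conf. The function names, the temporary sample files and the identifier sha9 are constructed for illustration; on a live system, pass /etc/security/crypt.conf and /etc/security/policy.conf instead.

```shell
#!/bin/sh
# Added example: cross-check policy.conf identifiers against crypt.conf.

crypt_ids() {    # $1 = crypt.conf path; prints one identifier per line
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

policy_ids() {   # $1 = policy.conf path; identifiers from ALLOW and DEFAULT
    awk -F= '/^(CRYPT_ALGORITHMS_ALLOW|CRYPT_DEFAULT)=/ {
        n = split($2, ids, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", ids[i])
            if (ids[i] != "") print ids[i]
        }
    }' "$1" | sort -u
}

missing_ids() {  # $1 = crypt.conf, $2 = policy.conf; prints unmapped identifiers
    known=$(crypt_ids "$1")
    for id in $(policy_ids "$2"); do
        # __unix__ is the built-in traditional algorithm; it has no module entry.
        [ "$id" = "__unix__" ] && continue
        printf '%s\n' "$known" | grep -qxF -e "$id" || printf '%s\n' "$id"
    done
}

# Constructed sample files modelled on the excerpts above. "sha9" is a
# made-up identifier with no module, included to show a failing case.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/crypt.conf" <<'EOF'
# crypt.conf
md5 /usr/lib/security/$ISA/crypt_md5.so
rot13 /usr/lib/security/$ISA/crypt_rot13.so
1 /usr/lib/security/$ISA/crypt_bsdmd5.so
2a /usr/lib/security/$ISA/crypt_bsdbf.so
EOF
cat > "$tmp/policy.conf" <<'EOF'
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,rot13,sha9
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=md5
EOF
missing_ids "$tmp/crypt.conf" "$tmp/policy.conf"
```

Empty output means every allowed or default identifier maps to a module in crypt.conf.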