/etc/security/policy.conf
The policy.conf file provides the security policy configuration for user-level attributes. Each entry consists of a key/value pair in the form:
key=value
The following keys are defined:
AUTHS_GRANTED
    Specify the default set of authorizations granted to all users. This entry is interpreted by chkauthattr(3SECDB). The value is one or more comma-separated authorizations defined in auth_attr(4).
PROFS_GRANTED
    Specify the default set of profiles granted to all users. This entry is interpreted by chkauthattr(3SECDB) and getexecuser(3SECDB). The value is one or more comma-separated profiles defined in prof_attr(4).
CRYPT_ALGORITHMS_ALLOW
    Specify the algorithms that are allowed for new passwords. This setting is enforced only in crypt_gensalt(3C).
CRYPT_ALGORITHMS_DEPRECATE
    Specify the algorithm for new passwords that is to be deprecated. For example, to deprecate use of the traditional UNIX algorithm, specify CRYPT_ALGORITHMS_DEPRECATE=__unix__ and change CRYPT_DEFAULT= to another algorithm, such as CRYPT_DEFAULT=1 for BSD and Linux MD5.
CRYPT_DEFAULT
    Specify the default algorithm for new passwords. The Solaris default is the traditional UNIX algorithm. This is not listed in crypt.conf(4) since it is internal to libc. The reserved name __unix__ is used to refer to it.
The key/value pair must appear on a single line, and the key must start the line. Lines starting with # are taken as comments and ignored. Option name comparisons are case-insensitive.
Only one CRYPT_ALGORITHMS_ALLOW or CRYPT_ALGORITHMS_DEPRECATE value can be specified. Whichever is listed first in the file takes precedence. The algorithm specified for CRYPT_DEFAULT must either be specified for CRYPT_ALGORITHMS_ALLOW or not be specified for CRYPT_ALGORITHMS_DEPRECATE. If CRYPT_DEFAULT is not specified, the default is __unix__.
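The CRYPT_* rules above can be checked mechanically. The following is an added example, not part of the manual page or of Solaris: a Python lint run over a constructed policy.conf fragment. The function names are hypothetical, and the code assumes that algorithm lists are comma-separated, that a line whose key does not start in column one is ignored, and that the first occurrence of a repeated key wins.

```python
# Added example: lints the CRYPT_* rules from policy.conf(4).
# SAMPLE is a constructed fragment, not taken from a real system.
SAMPLE = """\
# constructed policy.conf fragment
crypt_algorithms_deprecate=__unix__
CRYPT_ALGORITHMS_ALLOW=1,2a
 CRYPT_DEFAULT=1
"""
LIST_KEYS = ("CRYPT_ALGORITHMS_ALLOW", "CRYPT_ALGORITHMS_DEPRECATE")

def parse_policy(text):
    """Return (settings, order): value per upper-cased key, keys in file order."""
    settings, order = {}, []
    for line in text.splitlines():
        # Comments start with '#'. Assumption: a line whose key does not
        # start in column one is ignored rather than treated as an error.
        if not line or line[0] in "# \t" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().upper()      # option names are case-insensitive
        if key not in settings:        # assumption: first occurrence wins
            settings[key] = value.strip()
            order.append(key)
    return settings, order

def check_crypt_policy(text):
    """Return (default, mode, algorithms, problems) for the CRYPT_* keys."""
    settings, order = parse_policy(text)
    default = settings.get("CRYPT_DEFAULT", "__unix__")  # unset means __unix__
    listed = [k for k in order if k in LIST_KEYS]
    mode, algs, problems = None, set(), []
    if listed:
        mode = listed[0]               # whichever is listed first takes precedence
        # Assumption: multiple algorithms are comma-separated.
        algs = {a.strip() for a in settings[mode].split(",") if a.strip()}
        if len(listed) > 1:
            problems.append(f"{listed[1]} ignored: {mode} is listed first")
    if mode == "CRYPT_ALGORITHMS_ALLOW" and default not in algs:
        problems.append(f"CRYPT_DEFAULT={default} is not in CRYPT_ALGORITHMS_ALLOW")
    if mode == "CRYPT_ALGORITHMS_DEPRECATE" and default in algs:
        problems.append(f"CRYPT_DEFAULT={default} is listed in CRYPT_ALGORITHMS_DEPRECATE")
    return default, mode, algs, problems

if __name__ == "__main__":
    for problem in check_crypt_policy(SAMPLE)[3]:
        print("policy.conf:", problem)
```

In the sample, the indented CRYPT_DEFAULT line is not read, so the default falls back to __unix__, which the file itself deprecates; the check reports that together with the ignored CRYPT_ALGORITHMS_ALLOW line.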
Defines extended user attributes.
Defines authorizations.
Defines profiles.
Defines policy for the system.