Go to main content

Securing Users and Processes in Oracle® Solaris 11.4

Exit Print View

Updated: September 2018
 
 

Modifying Password Policy

This section assumes that you have completed New Feature – Enabling the account-policy Service.

Security attributes that are properties of the config/etc_default_passwd stencil of the account-policy service include:

password/aging_defaults/max_days count
password/aging_defaults/min_days count
password/aging_defaults/warn_days count
password/complexity/max_repeats count
password/complexity/min_alpha count
password/complexity/min_diff count
password/complexity/min_digit count
password/complexity/min_lower count
password/complexity/min_nonalpha count
password/complexity/min_special count
password/complexity/min_upper count
password/complexity/namecheck boolean
password/complexity/passlength count
password/complexity/whitespace boolean
password/crypt/algorithms_allow astring 2a 5 6
password/crypt/algorithms_deprecate astring
password/crypt/default astring 5
password/dictionary/db_dir astring
password/dictionary/min_word_length count
password/dictionary/word_list astring

In the following example, the administrator sets a required password length longer than the default of 8 characters.

$ pfbash svccfg -s account-policy
svc:/.../account-policy> setprop config/etc_default_passwd/disabled = boolean
svc:/.../account-policy> setprop password/complexity/passlength = 13
svc:/.../account-policy> exit
$ svcadm refresh account-policy