crypt.conf - configuration file for pluggable crypt modules
crypt.conf is the configuration file for the pluggable crypt architecture. Each crypt module must provide a function to generate a password hash, crypt_genhash_impl(3C), and a function to generate the salt, crypt_gensalt_impl(3C).
Each line in crypt.conf defines a mapping between an algorithm identifier and the shared object implementing it, of the form:
name module_path [params]
The name field specifies an identifier used to refer to this algorithm in the salt argument to crypt(3C) and in the password/crypt/algorithms_allow, password/crypt/algorithms_deprecate, and password/crypt/default properties of the account-policy(8S) service, which controls which methods are allowed to be used for setting or checking passwords.
The module_path field specifies the pathname to a shared library object that implements crypt_genhash_impl() and crypt_gensalt_impl(). If the pathname is not absolute, it is assumed to be relative to /usr/lib/security/$ISA. If the pathname contains the $ISA token, the token is replaced by an implementation-defined directory name that defines the path relative to the calling program's instruction set architecture.
The optional params field is used to pass module-specific options to the shared objects. See crypt_genhash_impl(3C) and crypt_gensalt(3C). It is the responsibility of the module to parse and interpret the options. The params field can be used by the modules to turn on debugging or to pass any module-specific parameters that control the output of the hashing algorithm
The following example increases the work factor to 12 for the crypt_bsdbf(7) module.
2a /usr/lib/security/$ISA/crypt_bsdbf.so 12Example 2 Setting the Rounds
The following example sets the rounds for the crypt_sunmd5(7) module:
md5 /usr/lib/security/$ISA/crypt_sunmd5.so rounds=2000Example 3 Using the Default /etc/security/crypt.conf
The following default /etc/security/crypt.conf supports five plugins:
1 crypt_bsdmd5.so.1 2a crypt_bsdbf.so.1 md5 crypt_sunmd5.so.1 5 crypt_sha256.so.1 rounds=10000 6 crypt_sha512.so.1 rounds=10000
See attributes(7) for descriptions of the following attributes:
passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt(3C), crypt_gensalt_impl(3C), getpassphrase(3C), passwd(5), attributes(7), crypt_bsdbf(7), crypt_bsdmd5(7), crypt_sha256(7), crypt_sha512(7), crypt_sunmd5(7), crypt_unix(7), account-policy(8S)
Support for crypt.conf was added to Solaris in Solaris 9 12/02 (Update 2).