Changing the Default Algorithm for Password Encryption
The default crypt_sha256 algorithm is represented by the value 5. To switch to another algorithm, assign a different identifier. For a list of password encryption algorithms and their corresponding identifiers, see Password Hashing Algorithms.
Note:
Use FIPS 140-2 approved algorithms when possible. For a list of FIPS 140-2 approved algorithms, see FIPS 140-2 Algorithm Lists and Certificate References for Oracle Solaris Systems in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.4.
Note that the new algorithm applies only to password encryption for new users. For existing users, the previous algorithm remains operative if it remains defined in the CRYPT_ALGORITHMS_ALLOW parameter and is not unix. To see how encryption is implemented in this case, see Password Hashes Configuration. To include existing users under the new password encryption algorithm, remove the previous algorithm from the CRYPT_ALGORITHMS_ALLOW parameter as well.
For more information about configuring the algorithm choices, see the policy.conf(5) man page.
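The effect of CRYPT_ALGORITHMS_ALLOW on existing accounts, as an added example that is not part of the original documentation: the shell function below reads a policy.conf-style file and a shadow-style file and reports, per account, whether the stored hash already uses the default algorithm, keeps its previous algorithm, or falls under the new default. The function name, file contents and hash strings are constructed; CRYPT_DEFAULT is assumed to be the policy.conf parameter that holds the default identifier, and unix stands for a traditional crypt hash with no $id$ prefix.

```shell
#!/bin/sh
# Added example: report which accounts keep a previous hashing algorithm.
# usage: audit_hash_algos POLICY_FILE SHADOW_FILE
audit_hash_algos() {
    def=$(sed -n 's/^CRYPT_DEFAULT=//p' "$1" | tail -n 1)
    allow=$(sed -n 's/^CRYPT_ALGORITHMS_ALLOW=//p' "$1" | tail -n 1)
    awk -F: -v def="$def" -v allow="$allow" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        if ($2 ~ /^[$]/) {                 # $id$salt$hash form
            split($2, p, "[$]"); id = p[2]
            sub(/,.*/, "", id)             # drop options such as ",rounds=N"
        } else if (length($2) == 13) {     # traditional crypt hash, no $id$ prefix
            id = "unix"
        } else next                        # empty, locked or no-password entry
        # Previous algorithm stays operative only if still allowed and not unix.
        if (id == def)                        st = "default"
        else if ((id in ok) && id != "unix")  st = "keeps-previous"
        else                                  st = "moves-to-default"
        print $1, id, st
    }' "$2"
}

# Constructed sample data (not real accounts or real hashes).
tmp=$(mktemp -d)
cat > "$tmp/policy.conf" <<'EOF'
CRYPT_ALGORITHMS_ALLOW=1,5,6
CRYPT_DEFAULT=6
EOF
cat > "$tmp/shadow" <<'EOF'
alice:$6$saltsalt$CONSTRUCTEDHASH:19000::::::
bob:$5$rounds=10000$saltsalt$CONSTRUCTEDHASH:19000::::::
carol:$md5,rounds=5000$salt$$CONSTRUCTEDHASH:19000::::::
dave:abJnggxhB/yWI:19000::::::
svc:*LK*:19000::::::
EOF
audit_hash_algos "$tmp/policy.conf" "$tmp/shadow"
```

Accounts reported as keeps-previous are the ones affected by removing their identifier from CRYPT_ALGORITHMS_ALLOW.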
Note:
The procedures and examples in this section do not work if you are using the account-policy service. If you have enabled this service, see Modifying Rights System-Wide As SMF Properties in Securing Users and Processes in Oracle Solaris 11.4 for how to modify the security attributes that you used to modify by editing the policy.conf file.