Password Hashes Configuration
Note:
If you are using the account-policy
SMF stencil and the config/etc_default_passwd
property is enabled, you change password configuration in SMF. For more information, see Modifying Rights System-Wide As SMF Properties in Securing Users and Processes in Oracle Solaris 11.4. See also the
account-policy
(8S) man page.
The account-policy
service has three parameters that affect
password hashes:
password/crypt/algorithms_allow astring 2a 5 6 password/crypt/algorithms_deprecate astring password/crypt/default astring 5
When you change the value for password/crypt/default
, the
passwords of new users are encrypted with the algorithm that is associated with the new
value.
When existing users change their passwords, the way their old password was encrypted
affects which algorithm is used to encrypt the new password. For example, assume that
the administrator has changed the password parameters to
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
and
password/crypt/default=6
. The following table shows which algorithm
would be used to generate the encrypted password. The password consists of
identifier=algorithm.
Initial Password | Changed Password | Explanation |
---|---|---|
|
Uses same algorithm |
The |
|
Uses same algorithm |
The |
|
Uses same algorithm |
The |
|
Uses same algorithm |
The |
|
Uses same algorithm |
The |
|
Uses |
The |
For more information about configuring the algorithm choices, see the
account-policy
(8S) man page. To specify password encryption algorithms, see
Changing the Default Algorithm for Password Encryption.