Password Parameters

The Oracle Solaris 11.4 release includes changes to the default password length and supported password hashes, and adds duration parameters. The legacy method of viewing and changing password parameter information in files is replaced by the SMF service, account-policy.

Note:

If you are using the account-policy SMF stencil and the config/etc_default_passwd property is enabled, review Modifying Rights System-Wide As SMF Properties in Securing Users and Processes in Oracle Solaris 11.4. See also the account-policy(8S) man page.

The following list of password attributes in the account-policy SMF stencil indicate the password parameters that are configurable:

password/history count
password/value_authorization astring solaris.account.setpolicy
password/aging_defaults/max_days count
password/aging_defaults/min_days count
password/aging_defaults/warn_days count
password/complexity/max_repeats count
password/complexity/min_alpha count
password/complexity/min_diff count
password/complexity/min_digit count
password/complexity/min_lower count
password/complexity/min_nonalpha count
password/complexity/min_special count
password/complexity/min_upper count
password/complexity/namecheck boolean
password/complexity/passlength count
password/complexity/whitespace boolean
password/crypt/algorithms_allow astring 2a 5 6
password/crypt/algorithms_deprecate astring
password/crypt/default astring 5
password/dictionary/db_dir astring
password/dictionary/min_word_length count
password/dictionary/word_list astring

Passwords can no longer be less than 8 characters in length. You can modify the password length for users.

For an example, see Modifying Password Policy in Securing Users and Processes in Oracle Solaris 11.4.