      1 #
      2 # CDDL HEADER START
      3 #
      4 # The contents of this file are subject to the terms of the
      5 # Common Development and Distribution License (the "License").
      6 # You may not use this file except in compliance with the License.
      7 #
      8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9 # or http://www.opensolaris.org/os/licensing.
     10 # See the License for the specific language governing permissions
     11 # and limitations under the License.
     12 #
     13 # When distributing Covered Code, include this CDDL HEADER in each
     14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15 # If applicable, add the following below this CDDL HEADER, with the
     16 # fields enclosed by brackets "[]" replaced with your own identifying
     17 # information: Portions Copyright [yyyy] [name of copyright owner]
     18 #
     19 # CDDL HEADER END
     20 #
     21 #
     22 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     23 # Use is subject to license terms.
     24 #
     25 # /etc/security/policy.conf
     26 #
     27 # security policy configuration for user attributes. see policy.conf(4)
     28 #
     29 #ident	"%Z%%M%	%I%	%E% SMI"
     30 #
     31 AUTHS_GRANTED=solaris.device.cdrw
     32 PROFS_GRANTED=Basic Solaris User
     33 CONSOLE_USER=Console User
     34 
     35 # crypt(3c) Algorithms Configuration
     36 #
     37 # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
     38 # be used for new passwords.  This is enforced only in crypt_gensalt(3c),
        # so hashes already stored with other algorithms still verify.
     39 #
     40 CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
     41 
     42 # To deprecate use of the traditional unix algorithm, uncomment below
     43 # and change CRYPT_DEFAULT= to another algorithm.  For example,
     44 # CRYPT_DEFAULT=1 for BSD/Linux MD5.
     45 #
     46 #CRYPT_ALGORITHMS_DEPRECATE=__unix__
     47 
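     48 # The Solaris default is the traditional UNIX algorithm.  This is not
     49 # listed in crypt.conf(4) since it is internal to libc.  The reserved
     50 # name __unix__ is used to refer to it.
        # The traditional algorithm is DES-based and uses only the first eight
        # characters of a password; the other algorithms in
        # CRYPT_ALGORITHMS_ALLOW do not have that limit.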
     51 #
     52 CRYPT_DEFAULT=__unix__
     53 #
     54 # These settings determine the default privileges users have.  If not set,
     55 # the default privileges are taken from the inherited set.
     56 # There are two different settings; PRIV_DEFAULT determines the default
     57 # set on login; PRIV_LIMIT defines the Limit set on login.
     58 # Individual users can have privileges assigned or taken away through
     59 # user_attr.  Privileges can also be assigned to profiles in which case
     60 # the users with those profiles can use those privileges through pfexec(1m).
     61 # For maximum future compatibility, the specifications should
     62 # always include "basic" or "all"; privileges should then be removed using
     63 # the negation.  E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
     64 # sys_linkdir privilege, regardless of future additional privileges.
     65 # Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
     66 # file_link_any privilege from the basic privilege set; only that notation
     67 # is immune from a future addition of currently unprivileged operations to
     68 # the basic privilege set.
     69 # NOTE: removing privileges from the Limit set requires EXTREME care
     70 # as any set-uid root program may suddenly fail because it lacks certain
     71 # privilege(s).
     72 #
     73 #PRIV_DEFAULT=basic
     74 #PRIV_LIMIT=all
     75 #
     76 # LOCK_AFTER_RETRIES specifies the default account locking policy for local
     77 # user accounts (passwd(4)/shadow(4)).  The default may be overridden by
     78 # a user's user_attr(4) "lock_after_retries" value.
     79 # YES enables local account locking, NO disables local account locking.
     80 # The default value is NO.
     81 #
     82 #LOCK_AFTER_RETRIES=NO
     83