usr/src/lib/libsecdb/policy.conf - illumos-gate - Gitiles

 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #
 #
 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # /etc/security/policy.conf
 #
 # security policy configuration for user attributes. see policy.conf(4)
 #

 AUTHS_GRANTED=solaris.device.cdrw
 PROFS_GRANTED=Basic Solaris User
 CONSOLE_USER=Console User

 # crypt(3c) Algorithms Configuration
 #
 # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
 # be used for new passwords.  This is enforced only in crypt_gensalt(3c).
 #
 CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6

 # To deprecate use of the traditional unix algorithm, uncomment below
 # and change CRYPT_DEFAULT= to another algorithm.  For example,
 # CRYPT_DEFAULT=1 for BSD/Linux MD5.
 #
 #CRYPT_ALGORITHMS_DEPRECATE=__unix__

 # The OpenSolaris default is a SHA256 based algorithm.  To revert to
 # the policy present in Solaris releases set CRYPT_DEFAULT=__unix__,
 # which is not listed in crypt.conf(4) since it is internal to libc.
 #
 CRYPT_DEFAULT=5
 #
 # These settings determine the default privileges users have.  If not set,
 # the default privileges are taken from the inherited set.
 # There are two different settings; PRIV_DEFAULT determines the default
 # set on login; PRIV_LIMIT defines the Limit set on login.
 # Individual users can have privileges assigned or taken away through
 # user_attr.  Privileges can also be assigned to profiles in which case
 # the users with those profiles can use those privileges through pfexec(1).
 # For maximum future compatibility, the specifications should
 # always include "basic" or "all"; privileges should then be removed using
 # the negation.  E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
 # sys_linkdir privilege, regardless of future additional privileges.
 # Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
 # file_link_any privilege from the basic privilege set; only that notation
 # is immune from a future addition of currently unprivileged operations to
 # the basic privilege set.
 # NOTE: removing privileges from the the Limit set requires EXTREME care
 # as any set-uid root program may suddenly fail because it lacks certain
 # privilege(s).
 #
 #PRIV_DEFAULT=basic
 #PRIV_LIMIT=all
 #
 # LOCK_AFTER_RETRIES specifies the default account locking policy for local
 # user accounts (passwd(4)/shadow(4)).  The default may be overridden by
 # a user's user_attr(4) "lock_after_retries" value.
 # YES enables local account locking, NO disables local account locking.
 # The default value is NO.
 #
 #LOCK_AFTER_RETRIES=NO
	#
	# CDDL HEADER START
	#
	# The contents of this file are subject to the terms of the
	# Common Development and Distribution License (the "License").
	# You may not use this file except in compliance with the License.
	#
	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	# or http://www.opensolaris.org/os/licensing.
	# See the License for the specific language governing permissions
	# and limitations under the License.
	#
	# When distributing Covered Code, include this CDDL HEADER in each
	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	# If applicable, add the following below this CDDL HEADER, with the
	# fields enclosed by brackets "[]" replaced with your own identifying
	# information: Portions Copyright [yyyy] [name of copyright owner]
	#
	# CDDL HEADER END
	#
	#
	# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
	# Use is subject to license terms.
	#
	# /etc/security/policy.conf
	#
	# security policy configuration for user attributes. see policy.conf(4)
	#

	AUTHS_GRANTED=solaris.device.cdrw
	PROFS_GRANTED=Basic Solaris User
	CONSOLE_USER=Console User

	# crypt(3c) Algorithms Configuration
	#
	# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
	# be used for new passwords. This is enforced only in crypt_gensalt(3c).
	#
	CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6

	# To deprecate use of the traditional unix algorithm, uncomment below
	# and change CRYPT_DEFAULT= to another algorithm. For example,
	# CRYPT_DEFAULT=1 for BSD/Linux MD5.
	#
	#CRYPT_ALGORITHMS_DEPRECATE=__unix__

	# The OpenSolaris default is a SHA256 based algorithm. To revert to
	# the policy present in Solaris releases set CRYPT_DEFAULT=__unix__,
	# which is not listed in crypt.conf(4) since it is internal to libc.
	#
	CRYPT_DEFAULT=5
	#
	# These settings determine the default privileges users have. If not set,
	# the default privileges are taken from the inherited set.
	# There are two different settings; PRIV_DEFAULT determines the default
	# set on login; PRIV_LIMIT defines the Limit set on login.
	# Individual users can have privileges assigned or taken away through
	# user_attr. Privileges can also be assigned to profiles in which case
	# the users with those profiles can use those privileges through pfexec(1).
	# For maximum future compatibility, the specifications should
	# always include "basic" or "all"; privileges should then be removed using
	# the negation. E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
	# sys_linkdir privilege, regardless of future additional privileges.
	# Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
	# file_link_any privilege from the basic privilege set; only that notation
	# is immune from a future addition of currently unprivileged operations to
	# the basic privilege set.
	# NOTE: removing privileges from the the Limit set requires EXTREME care
	# as any set-uid root program may suddenly fail because it lacks certain
	# privilege(s).
	#
	#PRIV_DEFAULT=basic
	#PRIV_LIMIT=all
	#
	# LOCK_AFTER_RETRIES specifies the default account locking policy for local
	# user accounts (passwd(4)/shadow(4)). The default may be overridden by
	# a user's user_attr(4) "lock_after_retries" value.
	# YES enables local account locking, NO disables local account locking.
	# The default value is NO.
	#
	#LOCK_AFTER_RETRIES=NO