11.23.2006

Changing user-level attributes with Solaris 10 security policy

A colleague at work told me that he changed the CRYPT_DEFAULT in policy.conf(4) on his nevada box to md5 (the Sun implementation of md5).
I actually forgot to change the default unix crypt for generating the password for my user login when I installed my Solaris 10 1/05 system a long time ago, so it was about time I changed this myself into something a little more secure, wouldn't you say? ;)

The only thing required to make crypt_gensalt(3C) produce a different kind of salt, and so a new crypted password for your account, is to change the CRYPT_DEFAULT setting in policy.conf(4) from the default __unix__ value to one of:

1 (will use the BSD/Linux md5 algo)
2a (will use the BSD Blowfish algo)
md5 (will use Sun's md5 algo)

My personal favorite has always been the blowfish algo so I'm sticking with it.

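Once you've changed the value of the CRYPT_DEFAULT key in /etc/security/policy.conf and have written the file, the only thing left to do is to set a new password on your account via passwd(1) and you're done! Existing password hashes are not converted; a password is only hashed with the new algorithm when it is next set.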

To verify that the crypt change worked, take a look at the line in /etc/shadow for your user account and see whether the password column has changed (actually logging into the box again would be a good method too ;) )

w00t, that simple :)
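
The /etc/shadow check above can be scripted, as an added example that is not part of the original post: the prefix of the password column shows which algorithm produced the hash, so accounts still carrying a hash from the old setting stand out. The function names and the sample files are constructed for illustration; on a real system, pass /etc/security/policy.conf and /etc/shadow as root.

```shell
#!/bin/sh
# Added example: find accounts whose shadow hash does not match CRYPT_DEFAULT.

# Print the active CRYPT_DEFAULT value from a policy.conf-style file.
# Assumption: commented-out lines start with '#'; the last active line is used.
crypt_default() {
    sed -n 's/^CRYPT_DEFAULT=//p' "$1" | tail -n 1
}

# Map a shadow password field to the matching policy.conf algorithm name.
hash_algo() {
    case "$1" in
        '$1$'*)            echo 1 ;;         # BSD/Linux md5
        '$2a$'*)           echo 2a ;;        # BSD Blowfish
        '$md5$'*|'$md5,'*) echo md5 ;;       # Sun md5 (optionally with rounds)
        '$'*)              echo other ;;     # some other crypt module
        ''|NP|'*'*)        echo none ;;      # empty, no password, or locked
        *)                 echo __unix__ ;;  # traditional unix crypt
    esac
}

# Print "user algo" for each account not hashed with the configured default.
# $1 = policy.conf path, $2 = shadow path
stale_hashes() {
    want=$(crypt_default "$1")
    while IFS=: read -r user hash rest; do
        algo=$(hash_algo "$hash")
        [ "$algo" = none ] && continue
        [ "$algo" = "$want" ] || echo "$user $algo"
    done < "$2"
}

# Constructed sample files; the hashes are placeholders, not real ones.
sample=$(mktemp -d)
cat > "$sample/policy.conf" <<'EOF'
#CRYPT_DEFAULT=__unix__
CRYPT_DEFAULT=2a
EOF
cat > "$sample/shadow" <<'EOF'
root:$2a$04$CONSTRUCTEDSALTANDHASHPLACEHOLDER:13475::::::
alice:AbCONSTRUCTED1:13000::::::
bob:$1$constrct$CONSTRUCTEDHASHPLACEHOLDER:13400::::::
carol:$md5$constrct$$CONSTRUCTEDHASHPLACEHOLDER:13400::::::
daemon:NP:6445::::::
lp:*LK*:::::::
EOF
stale_hashes "$sample/policy.conf" "$sample/shadow"
```

Every account the script lists still needs a new password set via passwd(1) before its hash moves to the configured algorithm.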
