xref: /illumos-gate/usr/src/man/man5/crypt.conf.5 (revision bbf215553c7233fbab8a0afdf1fac74c44781867)
te
Copyright (c) 2001, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
CRYPT.CONF 5 "December 28, 2020"
NAME
crypt.conf - configuration file for pluggable crypt modules
SYNOPSIS
/etc/security/crypt.conf
DESCRIPTION
crypt.conf is the configuration file for the pluggable crypt architecture. Each crypt module must provide a function to generate a password hash, crypt_genhash_impl(3C), and a function to generate the salt, crypt_gensalt_impl(3C).

There must be at least one entry in crypt.conf with the same name as is stored in the crypt_algorithm_magic symbol of the module. The documentation provided with the module should list this name.

The module_path field specifies the path name to a shared library object that implements crypt_genhash_impl(), crypt_gensalt_impl(), and crypt_algorithm_magic. If the path name is not absolute, it is assumed to be relative to /usr/lib/security/$ISA. If the path name contains the $ISA token, the token is replaced by an implementation-defined directory name that defines the path relative to the calling program's instruction set architecture.

The params field is used to pass module-specific options to the shared objects. See crypt_genhash_impl(3C) and crypt_gensalt_impl(3C). It is the responsibility of the module to parse and interpret the options. The params field can be used by the modules to turn on debugging or to pass any module-specific parameters that control the output of the hashing algorithm.

EXAMPLES
Example 1 Provide compatibility for md5crypt-generated passwords.

The default configuration preserves previous Solaris behavior while adding compatibility for md5crypt-generated passwords as provided on some BSD and Linux systems.

#
# crypt.conf
#
1 /usr/lib/security/$ISA/crypt_bsdmd5.so

Example 2 Use md5crypt to demonstrate compatibility with BSD- and Linux-based systems.

The following example lists 4 algorithms and demonstrates how compatibility with BSD- and Linux-based systems using md5crypt is made available, using the algorithm names 1 and 2.

#
# crypt.conf
#
md5 /usr/lib/security/$ISA/crypt_md5.so
rot13 /usr/lib/security/$ISA/crypt_rot13.so

# For *BSD/Linux compatibility
# 1 is md5, 2 is Blowfish
1 /usr/lib/security/$ISA/crypt_bsdmd5.so
2 /usr/lib/security/$ISA/crypt_bsdbf.so
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO
passwd (1), crypt (3C), crypt_genhash_impl (3C), crypt_gensalt (3C), crypt_gensalt_impl (3C), getpassphrase (3C), passwd (5), attributes (7), crypt_unix (7)