crypt.conf

- configuration file for pluggable crypt modules

Synopsis

/etc/security/crypt.conf

Description

crypt.conf is the configuration file for the pluggable crypt architecture. Each crypt module must provide a function to generate a password hash, crypt_genhash_impl(3C), and a function to generate the salt, crypt_gensalt_impl(3C).

The module_path field specifies the pathname to a shared library object that implements crypt_genhash_impl() and crypt_gensalt_impl(). If the pathname is not absolute, it is assumed to be relative to /usr/lib/security/$ISA. If the pathname contains the $ISA token, the token is replaced by an implementation-defined directory name that defines the path relative to the calling program's instruction set architecture.

The third field is used to pass module-specific options to the shared objects. See crypt_genhash_impl(3C) and crypt_gensalt(3C). It is the responsibility of the module to parse and interpret the options. The params field can be used by the modules to turn on debugging or to pass any module-specific parameters that control the output of the hashing algorithm

Examples

Example 1 Increasing the Work Factor

The following example increases the work factor to 12 for the crypt_bsdbf(5) module.

2a /usr/lib/security/$ISA/crypt_bsdbf.so 12

Example 2 Setting the Rounds

The following example sets the rounds for the crypt_sunmd5(5) module:

md5 /usr/lib/security/$ISA/crypt_sunmd5.so rounds=2000

Example 3 Using the Default /etc/security/crypt.conf

The following default /etc/security/crypt.conf supports five plugins:

1      crypt_bsdmd5.so.1
2a     crypt_bsdbf.so.1
md5    crypt_sunmd5.so.1
5      crypt_sha256.so.1
6      crypt_sha512.so.1

Attributes

See attributes(5) for descriptions of the following attributes:

See Also

passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt(3C), crypt_gensalt_impl(3C), getpassphrase(3C), passwd(4), attributes(5), crypt_bsdbf(5), crypt_bsdmd5(5), crypt_sha256(5), crypt_sha512(5), crypt_sunmd5(5), crypt_unix(5)