xref: /illumos-gate/usr/src/man/man5/crypt.conf.5 (revision bbf21555) 
 te
 Copyright (c) 2001, Sun Microsystems, Inc. All Rights Reserved.
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 CRYPT.CONF 5 "December 28, 2020"
 NAME
crypt.conf - configuration file for pluggable crypt modules

 SYNOPSIS
/etc/security/crypt.conf




 DESCRIPTION
crypt.conf is the configuration file for the pluggable crypt
architecture. Each crypt module must provide a function to generate a password
hash, crypt_genhash_impl(3C), and a function to generate the salt,
crypt_gensalt_impl(3C).


There must be at least one entry in crypt.conf with the same name as is
stored in the crypt_algorithm_magic symbol of the module. The
documentation provided with the module should list this name.


The module_path field specifies the path name to a shared library object
that implements crypt_genhash_impl(), crypt_gensalt_impl(), and
crypt_algorithm_magic. If the path name is not absolute, it is assumed
to be relative to /usr/lib/security/$ISA. If the path name contains the
$ISA token, the token is replaced by an implementation-defined directory
name that defines the path relative to the calling program's instruction set
architecture.


The params field is used to pass module-specific options to the shared
objects. See crypt_genhash_impl(3C) and crypt_gensalt_impl(3C). It
is the responsibility of the module to parse and interpret the options. The
params field can be used by the modules to turn on debugging or to pass
any module-specific parameters that control the output of the hashing
algorithm.

 EXAMPLES
Example 1 Provide compatibility for md5crypt-generated passwords.


The default configuration preserves previous Solaris behavior while adding
compatibility for md5crypt-generated passwords as provided on some BSD and
Linux systems.


#
# crypt.conf
#
1 /usr/lib/security/$ISA/crypt_bsdmd5.so





Example 2 Use md5crypt to demonstrate compatibility with BSD- and
Linux-based systems.


The following example lists 4 algorithms and demonstrates how compatibility
with BSD- and Linux-based systems using md5crypt is made available, using the
algorithm names 1 and 2.


#
# crypt.conf
#
md5 /usr/lib/security/$ISA/crypt_md5.so
rot13 /usr/lib/security/$ISA/crypt_rot13.so

# For *BSD/Linux compatibility
# 1 is md5, 2 is Blowfish
1 /usr/lib/security/$ISA/crypt_bsdmd5.so
2 /usr/lib/security/$ISA/crypt_bsdbf.so




 ATTRIBUTES
See attributes(7) for descriptions of the following attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving



 SEE ALSO
 passwd (1),  crypt (3C),  crypt_genhash_impl (3C),  crypt_gensalt (3C),  crypt_gensalt_impl (3C),  getpassphrase (3C),  passwd (5),  attributes (7),  crypt_unix (7)