CRYPT.CONF(5) Standards, Environments, and Macros CRYPT.CONF(5)


crypt.conf - configuration file for pluggable crypt modules




crypt.conf is the configuration file for the pluggable crypt
architecture. Each crypt module must provide a function to generate a
password hash, crypt_genhash_impl(3C), and a function to generate the
salt, crypt_gensalt_impl(3C).

There must be at least one entry in crypt.conf with the same name as is
stored in the crypt_algorithm_magic symbol of the module. The
documentation provided with the module should list this name.

The module_path field specifies the path name to a shared library object
that implements crypt_genhash_impl(), crypt_gensalt_impl(), and
crypt_algorithm_magic. If the path name is not absolute, it is assumed
to be relative to /usr/lib/security/$ISA. If the path name contains the
$ISA token, the token is replaced by an implementation-defined directory
name that defines the path relative to the calling program's instruction
set architecture.

The params field is used to pass module-specific options to the shared
objects. See crypt_genhash_impl(3C) and crypt_gensalt_impl(3C). It is
the responsibility of the module to parse and interpret the options. The
params field can be used by the modules to turn on debugging or to pass
any module-specific parameters that control the output of the hashing


Example 1: Provide compatibility for md5crypt-generated passwords.

The default configuration preserves previous Solaris behavior while
adding compatibility for md5crypt-generated passwords as provided on some
BSD and Linux systems.

# crypt.conf
1 /usr/lib/security/$ISA/

Example 2: Use md5crypt to demonstrate compatibility with BSD- and Linux-

based systems.

The following example lists 4 algorithms and demonstrates how
compatibility with BSD- and Linux-based systems using md5crypt is made
available, using the algorithm names 1 and 2.

# crypt.conf
md5 /usr/lib/security/$ISA/
rot13 /usr/lib/security/$ISA/

# For *BSD/Linux compatibility
# 1 is md5, 2 is Blowfish
1 /usr/lib/security/$ISA/
2 /usr/lib/security/$ISA/


See attributes(7) for descriptions of the following attributes:

|Interface Stability | Evolving |


passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt(3C),
crypt_gensalt_impl(3C), getpassphrase(3C), passwd(5), attributes(7),

December 28, 2020 CRYPT.CONF(5)