We’re back with Solaris 10 administration series. This time, it’s the user management part.
Securing the Password
For God knows why reason (probably legacy), the default password hashing algorithm in Solaris 10 is the classic UNIX DES hashing. To change it, edit /etc/security/policy.conf
and find line starting with CRYPT_DEFAULT
and change it to this:
CRYPT_DEFAULT=2a
(you can also set to other value but 2a
should be good enough)
And to change the root password, first edit /etc/shadow
and append $2a$
to the 2nd (password) field like this:
root:$2a$afgfdg....:...
or else chaning the root password using passwd
won’t be set using the newly configured algorithm.
Creating User
First of all remember that there’s character limit of 8 for username in Solaris. Linux doesn’t have this but it’ll break ps
(displaying UID instead of username). Also creating directory in /home
is not possible because of several reasons. The proper way is to create home directory somewhere and create relevant entry in /etc/auto_home
.
useradd -s /bin/bash newuser mkdir -p /export/home/newuser chown newuser:staff /export/home/newuser printf "%st%sn" "newuser" "localhost:/export/home/newuser" >> /etc/auto_home passwd newuser
This will let Solaris to automount (loopback filesystem/lofs) the actual directory (in this case /export/home/newuser
) to /home
.
Of course you can set the directory somewhere else, though having home not in /home
feels weird.