User Management in Solaris 10

We’re back with Solaris 10 administration series. This time, it’s the user management part.

Securing the Password

For God knows why reason (probably legacy), the default password hashing algorithm in Solaris 10 is the classic UNIX DES hashing. To change it, edit /etc/security/policy.conf and find line starting with CRYPT_DEFAULT and change it to this:

CRYPT_DEFAULT=2a

(you can also set to other value but 2a should be good enough)

And to change the root password, first edit /etc/shadow and append $2a$ to the 2nd (password) field like this:

root:$2a$afgfdg....:...

or else chaning the root password using passwd won’t be set using the newly configured algorithm.

Creating User

First of all remember that there’s character limit of 8 for username in Solaris. Linux doesn’t have this but it’ll break ps (displaying UID instead of username). Also creating directory in /home is not possible because of several reasons. The proper way is to create home directory somewhere and create relevant entry in /etc/auto_home.

useradd -s /bin/bash newuser
mkdir -p /export/home/newuser
chown newuser:staff /export/home/newuser
printf "%st%sn" "newuser" "localhost:/export/home/newuser" >> /etc/auto_home
passwd newuser

This will let Solaris to automount (loopback filesystem/lofs) the actual directory (in this case /export/home/newuser) to /home.

Of course you can set the directory somewhere else, though having home not in /home feels weird.

Leave a Reply

Your email address will not be published. Required fields are marked *