/etc/security/pwdalg.cfg File

Purpose

Contains configuration information for loadable password algorithms (LPA).

Description

The /etc/security/pwdalg.cfg file is an ASCII file that contains stanzas of configuration information for loadable password algorithms (LPA). Each stanza has a name, followed by a colon (:), which defines an LPA. An LPA name is used in the /etc/security/login.cfg file to specify the default system-wide password algorithm. Attributes are in the form Attribute=Value. Each attribute ends with a newline character, and each stanza ends with an additional newline character. For an example of a stanza, see Examples.

Attribute Definition
lpa_module Defines the path of the LPA to load. If you do not specify a full path, the /usr/lib/security directory is prefixed for 32-bit. The full path of the 64-bit load module is the full path of the 32-bit module suffixed with _64.
lpa_options Specifies an optional attribute that provides a means to communicate run-time configuration options to the load module. The value is a comma-separated list of items. Options that can be used are specific to the LPA that you specify in the lpa_module attribute. The optional flags for each LPA module are described in the product documentation for that LPA.

Security

Read and write access is granted to the root user and members of the security group.

Examples

The following example is a typical stanza:
*******************************************************************************
*
* /usr/lib/security/smd5 is a password hashing load module using
* the MD5 algorithm.
*
* It supports password length up to 255 characters.
*
* To generate smd5 password hash compatible to standard salted MD5,
* add the following option line for smd5 stanza. 
*       lpa_options = std_hash=true
*
* Note: password hash generated with this option won't be compatible with 
* hash generated without this option.
*
*******************************************************************************
smd5:
    lpa_module = /usr/lib/security/smd5

ssha256:
    lpa_module = /usr/lib/security/ssha
    lpa_options = algorithm=sha256,cost_num=9,salt_len=24

Files

Item Description
/etc/security/pwdalg.cfg Specifies the path to the file.
/etc/security/login.cfg Contains configuration information for login and user authentication.
/etc/passwd Contains the basic attributes of users.
/etc/security/passwd Contains password information.