#
# There are basically three field types: string, numeric and special.
# The application decides how to handle each field by recognizing its
# parameter name.
# If no default value is desired, delete or comment out the appropriate
# line or its value to the right of the equal sign.
# A missing or commented-out value of a field is the same as deleting the field.
# Spaces and tabs in the value field are ignored unless quoted.
# Quotes are not included in the final value string unless they are themselves
# within a set of another type of quotes (' or " or `).
# Numeric fields can be specified as decimal or as hex with 0x or 0X prefix.
# Numeric fields also recognize string "TRUE" as numeric 1 (one) and
# string "FALSE" as numeric 0 (zero).
#

#
#	Start of /etc/security/usr_auth defaults section.
#

#
#  UA_USER_ID (numeric)
#	If UA_USER_ID is specified and has a NON-NULL value then
#	its value will be used as the user id instead of the
#	value usually supplied by the system.
#	This allows several users to share a numeric user id.
#	Shipped empty, so the system-supplied user id is used.
#	NOTE(review): accounts that share a numeric user id cannot be
#	told apart by file ownership or permission checks, and any
#	audit record keyed on the user id attributes their actions to
#	a single identity.  Leave empty unless sharing is intended.
#
UA_USER_ID=			# everything after '#' is a comment

#
#  UA_GROUP_NAME (string)
#	Name of default login group.  Must exist in /etc/group.
#
#  UA_GROUP_ID (numeric)
#	Numeric id of default login group.  Must exist in /etc/group.
#
#  NOTE:
#	If both NAME and ID are specified then the value of the NAME
#	parameter will be ignored and the value of the ID parameter used.
#	As shipped only the NAME is set, so the default login group
#	is "other".
#	NOTE(review): every account created from these defaults gets
#	the same login group, so group permission bits on files give
#	access to all of those accounts - confirm this is intended.
#
UA_GROUP_NAME=other
UA_GROUP_ID=

#
#  UA_GECOS (string)
#	Default comments for passwd comment field.
#	Shipped empty; per the rules at the top of this file an empty
#	value is the same as deleting the field, i.e. no default.
#
UA_GECOS=		# everything after '#' is a comment

#
#  UA_HOME_PATH (string)
#	Default absolute pathname of parent directory of user's
#	home directory.  The home directory itself has the same
#	name as the user, unless ...
#
#  UA_HOME_DIR (string)
#	If UA_HOME_DIR is specified and has a NON-NULL value then
#	its value will be used instead of user's name when constructing
#	pathname of user's home directory.  This allows several users
#	to share same home directory.  This parameter is ignored if
#	UA_HOME_PATH is not defined or is NULL.
#
#	As shipped (UA_HOME_PATH=/usr, UA_HOME_DIR empty) the home
#	directory of a new user is /usr/<user name>.
#	NOTE(review): users who share a home directory also share the
#	login start-up files and anything else kept there, so each of
#	them can presumably change what the others' sessions read or
#	run - confirm ownership and permissions before setting
#	UA_HOME_DIR.
#
UA_HOME_PATH=/usr
UA_HOME_DIR=

#
#  UA_SHELL (string)
#	Name of default login shell - either the name of a shell
#	or else the full pathname of an executable file.
#	NOTE(review): how a bare shell name (no leading '/') is resolved
#	to an executable is not described here; a full pathname, as in
#	the shipped value, avoids depending on that lookup.
#
UA_SHELL=/bin/sh

#
#  UA_ROLE (numeric)
#	Default role number, must exist in /etc/security/roles database.
#	Allows either a number or valid mnemonic that is defined in
#	/etc/security/roles database.
#	Only one of above is allowed.
#	The shipped value is the mnemonic USER rather than a number.
#	NOTE(review): what the USER role permits is defined in the roles
#	database, not in this file; verify it is the least-privileged
#	role before keeping it as the default for new accounts.
#
UA_ROLE=USER

#
#  UA_PASSWORD_MODE (numeric bit flags)
#	Default mode of a generated passwd.
#	Allows a comma separated array of decimal or hex numbers or mnemonics:
#		NO_PASS_CHANGE	1
#		NO_PASS_NEED	2
#	All values will be or'd together.  Hex values must be prepended
#	with '0x' or '0X' string.
#	If there are to be spaces between values and/or commas,
#	then enclose the whole thing in quotes.
#	The shipped value 0 sets neither flag.
#	NOTE(review): NO_PASS_NEED presumably allows an account to be
#	used without a password - confirm its meaning before setting
#	it in a default that applies to every new account.
#
UA_PASSWORD_MODE=0

#
#  UA_PASSWORD_GEN (numeric)
#	Default generator for generated passwd.
#	Allows either a number or one of the following mnemonics:
#		PWGEN0		0
#		PWGEN1		1
#		PWGEN2		2
#		PWGEN3		3
#		PWGEN4		4
#		PWGEN5		5
#		PWGEN6		6
#		PWGEN7		7
#	Above values and mnemonics are defined in /usr/include/auth.h
#	Only one of above is allowed.
#	NOTE(review): this file does not say how the eight generators
#	differ (for example in the length or character set of the
#	passwords they produce); check that before relying on PWGEN0
#	as the default.
#
UA_PASSWORD_GEN=PWGEN0

#
#  UA_MIN_PASSWORD_LIFE (numeric)
#	Default minimum password lifetime in days.
#	NOTE(review): 0 presumably means no minimum, i.e. a password
#	can be changed again immediately after a change - confirm.
#
UA_MIN_PASSWORD_LIFE=0

#
#  UA_MAX_PASSWORD_LIFE (numeric)
#	Default maximum password lifetime in days.
#	NOTE(review): what happens when the maximum is reached (forced
#	change at next login or lockout) is not stated here, nor is
#	the behaviour when the minimum exceeds the maximum - confirm.
#
UA_MAX_PASSWORD_LIFE=90

#
#  UA_MAX_LOGIN_TRIES (numeric)
#	Default maximum login attempts before user lockout.
#	This is the per-user limit; TA_MAX_LOGIN_TRIES in the dev_auth
#	section below is the separate per-tty limit.
#	NOTE(review): not stated here whether the failure count is
#	reset by a successful login or how a locked-out user is
#	unlocked - confirm before changing the threshold.
#
UA_MAX_LOGIN_TRIES=7

#
#  UA_ACCT_STATUS (numeric)
#	Default account status.
#	Allows either a number or one of the following mnemonics:
#		NOLOCK		0
#		LOCKED		1
#		RETIRE		2
#	Above values and mnemonics are defined in /usr/include/auth.h
#	Only one of above is allowed.
#	NOTE(review): with NOLOCK a new account is presumably usable
#	as soon as it is created; LOCKED as the default would require
#	an explicit unlock step for each new account - confirm which
#	fits the local account-provisioning procedure.
#
UA_ACCT_STATUS=NOLOCK

#
#  UA_AUDIT_MASK (numeric)
#	Default audit mask.  The mask is passed as a string in the
#	form of comma separated ranges or values. Examples
#	would be 1-3,5,6,10-20.
#	If there are to be spaces between values and/or commas,
#	then enclose the whole thing in quotes.
#	NOTE(review): the meaning of the individual numbers is not given
#	here, and it is unclear whether the shipped 0 selects event
#	number 0 or an empty mask.  If it is an empty mask, accounts
#	created from these defaults have nothing audited - confirm.
#
UA_AUDIT_MASK=0

#
#  UA_ACCESS_TIMES (special array)
#	Default access times, up to 7 entries separated by comma.
#	Each entry format is HH:MM-HH:MM and all colons and dashes
#	must be specified.
#	The seven entries are for seven days of the week, starting
#	with Sunday and ending with Saturday.
#	If there are to be spaces between values and/or commas,
#	then enclose the whole thing in quotes.
#	Shipped value: 0:00-0:00 for Sunday and Saturday, 8:00-17:00
#	for Monday through Friday.
#	NOTE(review): this file does not define whether 0:00-0:00 means
#	"no access that day" or "no restriction that day", nor what
#	applies to days left out of a shorter list - confirm before
#	relying on this to limit logins.
#
UA_ACCESS_TIMES=0:00-0:00,8:00-17:00,8:00-17:00,8:00-17:00,8:00-17:00,8:00-17:00,0:00-0:00


#
#  UA_DEVICE_LIST (special array)
#	Comma separated list of devices allowed for this user.
#	If the full absolute pathname beginning with a slash '/'
#	is not specified, then the prefix '/dir/' is prepended to the
#	supplied device name.
#	If there are to be spaces between device names and/or commas,
#	then enclose the whole thing in quotes.
#	NOTE(review): shipped empty.  Not stated here whether an empty
#	list means "no device restriction" or "no devices allowed";
#	confirm.  Full pathnames avoid depending on the prepended
#	prefix.
#
UA_DEVICE_LIST=

#
#	Start of /etc/security/dev_auth defaults section.
#

#
#  TA_MAX_LOGIN_TRIES (numeric)
#	Default maximum login attempts before tty lockout.
#	This is the per-tty limit; UA_MAX_LOGIN_TRIES in the usr_auth
#	section above is the separate per-user limit.
#	NOTE(review): a locked tty is presumably unavailable to every
#	user of that tty, not only the one who failed - confirm how a
#	tty is unlocked.
#
TA_MAX_LOGIN_TRIES=7

#
#  TA_DELAY (numeric)
#	Default delay between login attempts (in seconds).
#	NOTE(review): not stated whether the delay applies after every
#	attempt or only after a failed one - confirm.
#
TA_DELAY=3

#
#  TA_SAK_KEYS (numeric bit field)
#	Default Secure Attention Key (SAK) action flags.
#	Allows one of the following decimal or hex number or mnemonic:
#		SAK_BREAK	0x01
#		SAK_CARRIER	0x02
#		SAK_1KEY	0x04
#		SAK_2KEYS	0x08
#		SAK_3KEYS	0x10
#	Above values and mnemonics are defined in /usr/include/sys/sakioctl.h
#	Hex values must be prepended with '0x' or '0X' string.
#	A value that enables the special SAK keys requires entry of enabled
#	keys in the sequence from KEY1 thru KEY3.
#	If there are to be spaces between values and/or commas,
#	then enclose the whole thing in quotes.
#	The values for the KEY(S) flag must follow the flag separated
#	by commas.
#	Key values can be specified as decimal or hex or as ascii character
#	(upper and lower case matters).
#	Control characters (values 0 thru 31) can be specified
#	by '^' followed by the ascii representation of the control
#	character, i.e., ^C (upper or lower case does not matter).
#	Example:
#		SAK_1KEY,^A
#		SAK_2KEY,^a,J
#		SAK_3KEY,A,2,0x03
#	NOTE(review): the examples spell SAK_2KEY and SAK_3KEY while the
#	list above spells SAK_2KEYS and SAK_3KEYS; confirm the accepted
#	spelling against sakioctl.h before copying an example.
#	NOTE(review): the field is described as a bit field but the
#	text says "one of"; whether several flags may be combined is
#	not stated - confirm.
#
TA_SAK_KEYS=SAK_CARRIER

#
#  TA_MAX_INACTIVE (numeric)
#	Default maximum period of inactivity before logout of user at tty
#	(in seconds).
#	NOTE(review): not stated whether 0 disables the inactivity
#	logout; an empty value is treated like a deleted field (see the
#	rules at the top of this file), so there would then be no
#	default at all - confirm before clearing it.
#
TA_MAX_INACTIVE=300	# 5 minutes

#
#  TA_MIN_LABEL (string)
#  TA_MAX_LABEL (string)
#	Default minimum/maximum security label.
#	Must be one of the following which are defined in sys/mls.h:
#		SYS_SEC
#		SECURED
#		SYS_ADM
#		SYS_DEV
#		SYS_USER
#		TRUSTED
#		PROTECTED
#		UNSECURE
#	Only one of above is allowed.
#	NOTE(review): the relative order of the labels is not stated
#	here.  If the list runs from highest to lowest, the shipped
#	range UNSECURE..SECURED admits every label except SYS_SEC -
#	confirm the ordering in sys/mls.h and narrow the range for
#	ttys that should not carry the higher labels.
#
TA_MIN_LABEL=UNSECURE
TA_MAX_LABEL=SECURED

#
#  TA_ADD_USERS (numeric or string)
#  TA_DEL_USERS (numeric or string)
#	Default comma separated list of allowed/disallowed users.
#	Supply either a numeric user id or a valid user name that exists
#	in the password file or one of the following special mnemonics:
#		ALL	(mnemonic must be in all caps)
#		*	(character '*' star)
#	NOTE:   For now we recognize only the first id/name in the list.
#	As shipped, TA_ADD_USERS is '*' and TA_DEL_USERS is empty.
#	NOTE(review): because only the first entry is recognized, a
#	list with several entries takes effect for its first entry
#	only; in particular a TA_DEL_USERS list naming several users
#	would presumably disallow just the first.  Do not rely on
#	multi-entry lists to restrict access - confirm.
#
TA_ADD_USERS=*
TA_DEL_USERS=

#
#  TA_ADD_GROUPS (numeric or string)
#  TA_DEL_GROUPS (numeric or string)
#	Default comma separated list of allowed/disallowed groups.
#	Supply either a numeric group id or a valid group name that exists
#	in the group file or one of the following special mnemonics:
#		ALL	(mnemonic must be in all caps)
#		*	(character '*' star)
#	NOTE:   For now we recognize only the first id/name in the list.
#	As shipped, TA_ADD_GROUPS is '*' and TA_DEL_GROUPS is empty.
#	NOTE(review): because only the first entry is recognized, a
#	list with several entries takes effect for its first entry
#	only; a TA_DEL_GROUPS list naming several groups would
#	presumably disallow just the first.  How the user lists and
#	group lists combine is not stated here - confirm.
#
TA_ADD_GROUPS=*
TA_DEL_GROUPS=
