178 OpenSolaris should use SHA256 password Hashing
authorDan Price <dp@eng.sun.com>
Wed, 01 Oct 2008 13:20:58 -0700
changeset 558 de01817b3bf1
parent 557 74cc924a59be
child 559 beedfa079846
178 OpenSolaris should use SHA256 password Hashing
src/util/distro-import/99/SUNWfixes.prototype
src/util/distro-import/99/common/SUNWcs
src/util/distro-import/99/policy.conf
src/util/distro-import/Makefile
--- a/src/util/distro-import/99/SUNWfixes.prototype	Tue Sep 30 22:46:01 2008 -0700
+++ b/src/util/distro-import/99/SUNWfixes.prototype	Wed Oct 01 13:20:58 2008 -0700
@@ -15,6 +15,7 @@
 e none etc/power.conf 0644 root sys
 e none etc/security/auth_attr 0644 root sys
 e none etc/security/exec_attr 0644 root sys
+e none etc/security/policy.conf 0644 root sys
 e none etc/security/prof_attr 0644 root sys
 e none etc/shadow 0400 root sys
 e none etc/user_attr 0644 root sys
--- a/src/util/distro-import/99/common/SUNWcs	Tue Sep 30 22:46:01 2008 -0700
+++ b/src/util/distro-import/99/common/SUNWcs	Wed Oct 01 13:20:58 2008 -0700
@@ -39,6 +39,7 @@
 drop etc/nsswitch.conf
 drop etc/pam.conf
 drop etc/passwd
+drop etc/security/policy.conf
 drop etc/shadow
 drop var/svc/manifest/system/coreadm.xml
 drop var/svc/profile/generic_limited_net.xml
@@ -64,6 +65,7 @@
 etc/pam.conf
 etc/passwd
 etc/security/exec_attr
+etc/security/policy.conf
 etc/shadow
 etc/user_attr
 root
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/util/distro-import/99/policy.conf	Wed Oct 01 13:20:58 2008 -0700
@@ -0,0 +1,83 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# /etc/security/policy.conf
+#
+# security policy configuration for user attributes. see policy.conf(4)
+#
+#ident	"%Z%%M%	%I%	%E% SMI"
+#
+AUTHS_GRANTED=solaris.device.cdrw
+PROFS_GRANTED=Basic Solaris User
+CONSOLE_USER=Console User
+
+# crypt(3c) Algorithms Configuration
+#
+# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
+# be used for new passwords.  This is enforced only in crypt_gensalt(3c).
+#
+CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
+
+# To deprecate use of the traditional unix algorithm, uncomment below
+# and change CRYPT_DEFAULT= to another algorithm.  For example,
+# CRYPT_DEFAULT=1 for BSD/Linux MD5.
+#
+#CRYPT_ALGORITHMS_DEPRECATE=__unix__
+
+# The OpenSolaris default is a SHA256 based algorithm.  To revert to the
+# policy present in Solaris releases, set CRYPT_DEFAULT=__unix__.
+# This is not listed in crypt.conf(4) since it is internal to libc.
+# The reserved name __unix__ is used to refer to it.
+#
+CRYPT_DEFAULT=5
+#
+# These settings determine the default privileges users have.  If not set,
+# the default privileges are taken from the inherited set.
+# There are two different settings; PRIV_DEFAULT determines the default
+# set on login; PRIV_LIMIT defines the Limit set on login.
+# Individual users can have privileges assigned or taken away through
+# user_attr.  Privileges can also be assigned to profiles in which case
+# the users with those profiles can use those privileges through pfexec(1m).
+# For maximum future compatibility, the specifications should
+# always include "basic" or "all"; privileges should then be removed using
+# the negation.  E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
+# sys_linkdir privilege, regardless of future additional privileges.
+# Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
+# file_link_any privilege from the basic privilege set; only that notation
+# is immune from a future addition of currently unprivileged operations to
+# the basic privilege set.
+# NOTE: removing privileges from the the Limit set requires EXTREME care
+# as any set-uid root program may suddenly fail because it lacks certain
+# privilege(s).
+#
+#PRIV_DEFAULT=basic
+#PRIV_LIMIT=all
+#
+# LOCK_AFTER_RETRIES specifies the default account locking policy for local
+# user accounts (passwd(4)/shadow(4)).  The default may be overridden by
+# a user's user_attr(4) "lock_after_retries" value.
+# YES enables local account locking, NO disables local account locking.
+# The default value is NO.
+#
+#LOCK_AFTER_RETRIES=NO
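Review bot: The comment above `#CRYPT_ALGORITHMS_DEPRECATE=__unix__` still gives `CRYPT_DEFAULT=1 for BSD/Linux MD5` as its example, which is stale now that this file sets `CRYPT_DEFAULT=5`; read literally, it tells an administrator to replace the SHA256 default with an MD5 scheme. I would reword it to something like `# To deprecate use of the traditional unix algorithm, uncomment below and keep CRYPT_DEFAULT= set to another algorithm (the default here is 5, SHA256).` `CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6` also still permits the MD5-based entries for new passwords, so it is worth confirming whether the allow list should be narrowed to match the changeset's intent. A short comment next to `CRYPT_DEFAULT=5` could note that, as far as I know, the default applies only when a password is next set, so existing shadow entries keep their old hash until changed.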
--- a/src/util/distro-import/Makefile	Tue Sep 30 22:46:01 2008 -0700
+++ b/src/util/distro-import/Makefile	Wed Oct 01 13:20:58 2008 -0700
@@ -71,6 +71,7 @@
 	boot/grub/menu.lst						\
 	boot/grub/splash.xpm.gz						\
 	etc/inet/hosts							\
+	etc/security/policy.conf					\
 	etc/zones/SUNWblank.xml						\
 	etc/zones/SUNWdefault.xml					\
 	lib/svc/method/fs-usr						\
@@ -254,7 +255,7 @@
 	./desktop_exec.sh /usr/lib/vp-services > $@
 
 #
-# change root's default shell, homedir and add jack user
+# change root's default shell, homedir, password
 #
 proto/etc/passwd:	proto Makefile
 	(./get_file_from_pkg.py $(WOS_PKGS)/SUNWcsr etc/passwd | nawk -F:			\
@@ -262,7 +263,7 @@
 
 proto/etc/shadow:	proto Makefile
 	(./get_file_from_pkg.py $(WOS_PKGS)/SUNWcsr etc/shadow | nawk -F:		\
-	'/^root/{ print "root:wqy8hz4xKqw4o:13817::::::";continue} {print $$0}') > $@
+	'/^root/{ print "root:$5$VgppCOxA$ycFmYW4ObRRHhtsGEygDdexk5bugqgSiaSR9niNCouC:14146::::::";continue} {print $$0}') > $@
 
 proto/usr/has/bin/sh:	proto Makefile
 	./get_file_from_pkg.py $(WOS_PKGS)/SUNWcsr sbin/sh > $@
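Review bot: The new root entry in the `proto/etc/shadow` recipe writes the hash with single `$` signs, so Make expands `$5`, `$V` and `$y` as (presumably undefined) variables before the shell or nawk sees the line. What reaches `proto/etc/shadow` would then be a truncated string rather than the intended `$5$…` SHA256 hash. The same line already escapes `$$0`, and the hash needs the same treatment: `"root:$$5$$VgppCOxA$$ycFmYW4ObRRHhtsGEygDdexk5bugqgSiaSR9niNCouC:14146::::::"`. A mangled field no longer identifies its algorithm and will not verify against the intended password, so the generated file should be checked after the build. Separately, the image still ships a fixed root password hash that is public in this repository; a comment stating that it is a known install-time default which must be changed on first use would help downstream builders.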