Manual: (OSF1-V5.1-alpha)



authcap(4)							   authcap(4)



NAME

  authcap - Format of security databases (Enhanced Security)

DESCRIPTION

  The security-relevant	databases used by the enhanced security	subsets
  include the user profile databases (and by extension their optional NIS map
  source files), the file control database, the	terminal control and device
  assignment databases,	and the	system default database.

  This reference page describes	the location and general format	of these
  databases.  A	specific reference page	for each database describes its
  fields.

  The user profile databases (sometimes	referred to as the protected password
  database) reside in /tcb/files/auth.db and /var/tcb/files/auth.db.  The
  /tcb/files/auth.db database contains information for UIDs from 0 to 99.
  The /var/tcb/files/auth.db database contains information for UIDs 100	and
  up.

  All other databases reside in	/etc/auth/system. These	include:

  default   System default database of global (or template) values for users
	    and	devices.

  files	    File control database

  ttys.db   Terminal control database

  devassign Device assignment database

  Files	with .db extensions are	in database format for efficiency.  Others
  are ASCII files.  All the databases can be manipulated by the edauth
  utility.

  A file entry consists	of a key followed by a colon (:), a set	of
  field/value pairs each followed by a colon, and a terminator,	chkent:.  The
  following is an example of a user profile entry as a single, continuous
  line:

       jones:u_name=jones:u_id#16:u_pwd=a78/a1.eitfn6:u_lock@:chkent:

  For readability, an entry can	optionally be split into multiple lines	by
  inserting a backslash	(\) character at the end of each line and an extra
  colon	at the beginning of the	continuation line.  Continuation lines are
  indented by a	tab character.	The split cannot separate a field/value	pair,
  including its	terminating colon.

  The following	is the same entry as above, broken into	multiple lines:

       jones:u_name=jones:u_id#16:\
       :u_pwd=a78/a1.eitfn6:\
       :u_lock@:chkent:

  Multiple entries are separated by a new line that is not preceded by a
  continuation character. For example:


       smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:
       jones:u_name=jones:u_id#76:u_maxtries#5:u_retired:chkent:

  Each entry is	referenced by the key followed by the colon (:).

  At the end of each entry is the chkent field.  The "chkent:" string
  indicates that the entry is complete.  This is used as an integrity check
  on each entry by the programs that read the databases.

  The field names, or capabilities, begin with an identifying prefix that
  depends upon the database type.  The following list of prefixes also lists
  the reference	page that explains the associated database:

  t_   Terminal	control	database field.	See the	ttys(4)	reference page.

  u_   User profile (protected password) database field.  See the prpasswd(4)
       reference page.

  v_   Device assignment database field.  See the devassign(4) reference
       page.

  d_   System default database field.  Note that the system default database
       can contain fields with any of the above	prefixes.  See the default(4)
       reference page.

  Fields can have numeric, Boolean, or string values:

  Numeric   Numeric fields take	the form fieldname#number, where number	is a
	    decimal number, an octal number (indicated by a leading 0),	or a
	    hexadecimal	number (indicated by a leading 0X).

  Boolean   Boolean fields take	the form fieldname for true or fieldname@ for
	    false.

  String    String fields take the form fieldname=string, where string is 0
            (zero) or more characters.  To include the backslash (\) or colon
            (:) characters in a string, surround them with the backslash (\)
            character.
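
  The entry format described above (continuation lines, the chkent terminator and the three field types), as an added example that is not part of this reference page or of the operating system's own code: a Python parser for ASCII-form entries that reports any entry lacking chkent. The sample input is constructed from the page's examples; treating a colon that follows a backslash as data, and returning string values without unescaping them, are assumptions.

```python
import re

FIELD_SEP = re.compile(r"(?<!\\):")   # assumption: a colon after a backslash is data
FIELD_RE = re.compile(r"(\w+)(?:=(.*)|#([0-9A-Fa-fXx]+)|(@))?", re.S)

def logical_lines(text):  # join lines split with a trailing backslash
    parts = []
    for raw in text.splitlines():
        line = raw.strip()
        if parts and line.startswith(":"):
            line = line[1:]               # extra colon that opens a continuation line
        if line.endswith("\\"):
            parts.append(line[:-1])
            continue
        joined, parts = "".join(parts) + line, []
        if joined:
            yield joined
    if parts:
        yield "".join(parts)              # input ended inside a continued entry

def to_number(s):  # decimal, octal (leading 0) or hexadecimal (leading 0X)
    base = 16 if s[:2].upper() == "0X" else 8 if len(s) > 1 and s[0] == "0" else 10
    return int(s, base)

def parse_entry(line):
    key, *tokens = FIELD_SEP.split(line)
    tokens = [t for t in tokens if t]
    complete = bool(tokens) and tokens[-1] == "chkent"   # integrity terminator
    fields, malformed = {}, []
    for tok in (tokens[:-1] if complete else tokens):
        try:
            name, s, n, neg = FIELD_RE.fullmatch(tok).groups()  # no match: AttributeError
            if s is not None:
                fields[name] = s                  # string value, kept raw
            elif n is not None:
                fields[name] = to_number(n)
            else:
                fields[name] = neg is None        # bare name is true, name@ is false
        except (AttributeError, ValueError):
            malformed.append(tok)
    return {"key": key, "complete": complete, "fields": fields, "malformed": malformed}

def parse_db(text):
    return [parse_entry(line) for line in logical_lines(text)]

SAMPLE = (  # constructed input: the page's entries plus one cut-off entry
    "jones:u_name=jones:u_id#16:\\\n\t:u_pwd=a78/a1.eitfn6:\\\n\t:u_lock@:chkent:\n"
    "smith:u_name=smith:u_id#020:u_maxtries#0X9:u_retired:chkent:\n"
    "brown:u_name=brown:u_id#77:u_lock\n")
```

  The constructed brown entry, cut off after u_lock, still parses to well-formed fields with u_lock reading true; only the missing chkent marks it as incomplete.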

  File Locking

  All databases	use a lock file, the existence of which	means that the file
  is currently being rewritten.	Occasionally, the files	remain after a system
  crash	and must be removed manually. The lock file is formed by appending :t
  to the database file name.

  Fields and Flags

  A program reads a database entry as a structure composed of two
  sub-structures: a field sub-structure and a flag sub-structure.  Each
  sub-structure has one member for each potential field.  A one-bit flag
  indicates the presence or absence of its corresponding field in a
  particular entry. The field structure contains the field values (for
  example, a number, a Boolean flag, a directory string, or a mask).

FILES

  /tcb/files/auth.db
	    Protected password database	for UIDs from 0	to 99.

  /var/tcb/files/auth.db
	    Protected password database	for UIDs 100 and up.

  /etc/auth/system/*
	    Contains the global	system settings	database.

RELATED	INFORMATION

  Functions: getprpwent(3), getdvagent(3), getprdfent(3), getprtcent(3),
  getprfient(3)

  Files: default(4), devassign(4), files(4), prpasswd(4), ttys(4)