prpwd - protected password authentication database files used for
An authentication profile is maintained for each user on the system. A
user profile is kept in a protected password database file that is
accessible only to the System Administrator. The protected password
database files contain among other things the encrypted password for
the user account. On a trusted system, the passwords are hidden from
The protected password database files do not obviate the need for the
/etc/passwd and the /etc/group files. Users must be defined in the
/etc/passwd file in order to use the system. The protected password
database file for a user contains the user name and user id to provide
a correlation to the user's /etc/passwd entry. These must match or the
user account will be treated as invalid.
Protected password database files are maintained in the
/tcb/files/auth hierarchy. This directory contains other directories
each named with a single letter from the alphabet. User authentication
profiles are stored in these directories based on the first letter of
the user account name. This enables an efficient search operation to
locate the file for a specific user name. For instance, the
authentication profile for the root account is located in the
/tcb/files/auth/r directory and can be accessed by opening the file
Fields defined in a file are user specific values. These values
override the system default values. Trusted programs check first for
the existence of user specific parameters before using a system
A protected password database file contains keyword field identifiers
and, depending on the field type, a value for that field (certain
field types do not require an explicit value). The exact syntax for
field specifications is described in authcap(4). Field specification
is consistent for all system authentication databases. The keyword
field identifiers supported by the protected password database file
and their associated function are given in the following descriptions:
u_name This is the user name for the account which must match
the name of the file and the user name from the
corresponding /etc/passwd entry.
u_id This is the user id for the account which must match
the user id field of the corresponding /etc/passwd
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
u_pwd This field contains the encrypted password for the
account if the account has a password.
u_owner This field contains the owner of the account.
u_booauth If this field exists and contains a value greater than
zero (typically 1), and the boot authenticate flag is
set in the system default file, then this user has
authority to boot the system. If the boot authenticate
flag is not set in the system default file then this
field is not used.
u_audid This field contains the audit ID for the user.
u_auditflag This field contains the audit flag for the user.
u_minchg This field specifies the minimum password change time
in seconds. If non-zero, the password cannot be changed
until the specified number of seconds since the last
successful password change have passed unless the
person changing the password is authorized to override
u_maxlen This field specifies the maximum length of the user
account password and should be less than the system-
wide maximum value defined by the <prot.h> constant
u_exp This field is a time_t value that specifies when the
account password will expire. When a password expires,
system authentication programs will request that the
password be changed when the user logs into the system.
If the password lifetime expires before the password is
changed, the account will be locked.
u_life This field is a time_t value that specifies the
lifetime of a password. If this time is reached, the
account will be locked and can only be unlocked by an
authorized system administrator.
u_succhg This field is a time_t value that indicates the time of
the last successful password change. This field should
only be set by programs that can be used to change the
u_unsucchg This field is a time_t value that indicates the time of
the last unsuccessful password change. This field
should only be set by programs that can be used to
change the account password.
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000
u_acct_expire This field is the time_t time is seconds that the
account will be usable. After this time interval the
user will no longer be allowed to login. This field is
different from the u_life field in that the u_life
field is the time from the last password change.
u_acct_expire is not affected by the changing of the
u_max_llogin This value, in secconds, is the maximum time allowed
between logins. If the time between the last login and
the current time exceeds this value, the account is
locked and the user can no longer logon.
This value, in seconds, is the time at which a warning
will appear prior to the expiration of the users
u_pickpw This value is a flag that controls the ability of the
user to pick a password for the account. This permits
an account to be configured so that a user can not pick
a password but instead has a password generated by the
system for the account.
u_genpwd This flag field controls the ability of a user to
generate a password for the account. The system is
capable of generating passwords containing random
letters, characters, or words.
u_restrict This flag field controls whether password triviality
checks are performed on any user chosen passwords.
Triviality checks performed include verifying that the
password does not represent a login or group name, a
palindrome, or a word recognized by the spell(1)
program. See acceptable_password(3) for more
information on triviality checks for passwords.
u_nullpw This flag controls the ability of the user to choose a
null password for the account.
u_pwchanger This field records the user id of the last person to
change the account password if that user was not the
same the account's user. This is used to warn the user
at login time if the account password has been changed
possibly without the knowledge of the user.
u_pw_admin_num This field holds the random number the user must supply
to login after the account is reset by the system
administrator. This field is removed after a successful
Hewlett-Packard Company - 3 - HP-UX Release 11i: November 2000
u_genchars This flag field controls the ability of the user to
generate random characters for a password.
u_genletters This flag field controls the ability of the user to
generate random letters for a password.
u_tod This field contains a comma separated list of time-of-
day specification entries that controls when the user
account can be used for login. For more information on
the format of a list entry, see tod(3).
u_suclog This field is a time_t value that contains the system
time of the last successful login to the account.
u_unsuclog This field is a time_t value that contains the system
time of the last unsuccessful login to the account.
u_suctty This field is a character string that identifies the
name of the terminal or remote host associated with the
last successful login to the account.
A remote host specification consists of the ASCII
representation of the Internet address of the host.
This field is converted into an Internet address and is
converted to a hostname using gethostbyaddr(3).
u_numunsuclog This field contains a count of the number of
unsuccessful login attempts to the account. This field
is reset when a successful login to the account occurs.
u_unsuctty This field is a character string that identifies the
name of the terminal or remote host associated with the
last unsuccessful login attempt to the account.
u_maxtries This field specifies the maximum number of consecutive
unsuccessful login attempts to the account that are
permitted until the account is locked.
u_lock This flag field is used to administratively lock an
account. A user cannot login to a locked account.
The following is an example of a typical protected password database
Hewlett-Packard Company - 4 - HP-UX Release 11i: November 2000
This protected password database file is for the user perry. The user
id for perry is 101. This value must match the /etc/passwd entry for
this user. The account has a password and its encrypted form is
specified by the u_pwd field.
The database file specifies a minimum password change time of 0,
indicating the password can be changed at any time. Furthermore, the
account is permitted to have a null password (u_nullpw). The account
has a maximum consecutive unsuccessful login threshold of 3 attempts
indicating that the account will be locked after three failed attempts
(u_maxtries). The remaining fields provide account information such as
the last successful and unsuccessful password change times as well as
the last successful and unsuccessful login times and terminal names.
prpwd was developed by HP.
login(1), acceptable_password(3), getprpwent(3), tod(3), authcap(4),
The getprpwent(3) routines are used to parse the protected password
database files into a structure that can used by programs. A flag in
the structure indicates whether a particular field in the structure
and hence the field is defined. System default values are also
provided in the structure. These values are derived from the
/tcb/files/auth/system/default field and can be used by programs in
the absence of a user specific value.
Hewlett-Packard Company - 5 - HP-UX Release 11i: November 2000