prpasswd(4)							  prpasswd(4)



NAME

  prpasswd, prpwd - Protected password authentication database (Enhanced
  Security)

DESCRIPTION

  An authentication profile is maintained for each user on the system.  This
  user profile is kept in the protected password database, accessible only to
  trusted programs acting on behalf of the trusted computing base (TCB).  The
  protected password database contains, among other things, the encrypted
  password for the user account, which must be hidden from untrusted users.

				     Note

       User profile information	was formerly maintained	in separate
       files.  Such files are no longer	supported.  If found during an
       update installation, the	convuser program automatically converts
       the files into database format.


  The protected	password database does not eliminate the need for the
  /etc/passwd and the /etc/group files.	 Users must be defined in the passwd
  file in order	to use the system.  The	protected password database entry for
  a user contains the user name	and user ID to provide a correlation to	the
  user's /etc/passwd entry.  There must	be a match or the user account is
  treated as invalid.  (Template accounts, however, are	defined	only in	the
  protected password database.)

  User profiles reside in /tcb/files/auth.db, for accounts such as root that
  must be accessible in single-user mode, and in /var/tcb/files/auth.db, for
  the majority of accounts.  Each user's authentication profile contains
  values that are interpreted by trusted programs acting as part of the TCB.
  These fields define user-specific values, and are used before template
  account or system default template values for the same field are used.
  Values are obtained as follows:

    +  If the user profile contains a user-specific value, that	value is
       used.

    +  If the user profile contains a reference	to a template account, and no
       user-specific value is defined, the value in the	template account is
       used.

    +  If neither the user profile nor the template account defines a value
       for a field and the system default template defines a value for that
       field, the system default template value	is used.

    +  If the value is defined nowhere else, a static system default is	used
       for the field.

  The system default template values are located in /etc/auth/system/default,
  and can be modified through the dxaccount utility using the View Local
  Template option, or through the edauth utility.

  The protected	password database contains keyword field identifiers and
  depending on the field type, a value for that	field (certain field types do
  not require an explicit value).  The exact syntax for	field specifications
  is consistent	for all	authentication databases and is	described in the
  authcap(4) reference page.  The keyword field	identifiers supported by the
  protected password database and their	associated functions are as follows:
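  The following is an added example, not code from the Tru64 manual or its
  libraries: a small parser for an authcap-style entry (the field syntax
  assumed from authcap(4) is key=string, key#number, bare key for true and
  key@ for false) together with the four-level value lookup described above.
  The u_template reference, the "staff" template and the system defaults are
  constructed for the example.

```python
import re

# Hypothetical helper (added example, not part of Tru64 or its libraries):
# parse an authcap-style entry.  Syntax assumed from authcap(4):
#   key=string -> str    key#number -> int    key -> True    key@ -> False
def parse_prpasswd_entry(text):
    """Return (entry_name, {field: value}) for one protected password entry."""
    flat = re.sub(r"\\\n\s*", "", text.strip())    # join \-continued lines
    parts = [p for p in flat.split(":") if p]
    name, fields = parts[0], {}
    for item in parts[1:]:
        if item == "chkent":                        # authcap end-of-entry marker
            continue
        if "=" in item:
            key, val = item.split("=", 1)
            fields[key] = val
        elif "#" in item:
            key, val = item.split("#", 1)
            fields[key] = int(val)
        elif item.endswith("@"):
            fields[item[:-1]] = False
        else:
            fields[item] = True
    return name, fields

# Fields the page marks "ignored if set in a template or in the default
# database": they are honoured only in the user's own profile.
USER_ONLY = {
    "u_name", "u_id", "u_pwd", "u_succhg", "u_unsucchg", "u_pwchanger",
    "u_pwdict", "u_oldcrypt", "u_suclog", "u_unsuclog", "u_suctty",
    "u_numunsuclog", "u_unsuctty", "u_retired", "u_flogins", "u_vacation_start",
    "u_vacation_end", "u_grace_limit", "u_psw_change_reqd", "u_template",
    "u_istemplate",
}

def resolve(field, user, templates, system_default, static_default=None):
    """Four-level lookup from DESCRIPTION: user profile, then the template
    named by u_template, then /etc/auth/system/default, then a static
    fallback.  Template/default values of USER_ONLY fields are dropped."""
    if field in user:
        return user[field]
    if field not in USER_ONLY:
        template = templates.get(user.get("u_template"), {})
        if field in template:
            return template[field]
        if field in system_default:
            return system_default[field]
    return static_default

# Constructed sample: the EXAMPLES entry plus an assumed u_template=staff,
# an assumed "staff" template and assumed system defaults.
SAMPLE_ENTRY = """perry:u_name=perry:u_id#101:u_template=staff:\\
        :u_pwd=aZXtu1kmSpEzm:\\
        :u_minchg#0:u_succhg#653793862:u_unsucchg#622581606:u_nullpw:\\
        :u_suclog#671996425:u_suctty=tty1:\\
        :u_unsuclog#660768767:u_unsuctty=tty1:\\
        :u_maxtries#3:chkent:
"""
TEMPLATES = {"staff": {"u_minlen": 8, "u_maxtries": 5, "u_retired": True}}
SYSTEM_DEFAULT = {"u_minlen": 6, "u_maxtries": 10, "u_pwdepth": 3}
```

  Note that the template's u_retired is discarded because the page lists it
  among the fields ignored outside a user profile.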

  u_name    This is the	user name for the account. The string must match the
	    name of the	file and a user	name in	a corresponding	/etc/passwd
	    entry.  The	maximum	length for Tru64 UNIX user names is currently
	    8 characters.  This	field is ignored if it is set in a template
	    or in the default database.

  u_id	    This is the	user ID	for the	account.  The number must match	the
	    user ID field of the corresponding /etc/passwd entry.  This	field
	    is ignored if it is	set in a template or in	the default database.

  u_pwd	    This field contains	the encrypted password string for the account
	    if the account has a password.  This field is ignored if it	is
	    set	in a template or in the	default	database.

  u_priority
	    This is a priority number used by authentication programs to
	    modify the nice value of a login process for the user (see the
	    setpriority(2) reference page).

  u_auditcntl
	    This field is the numeric value corresponding to SET_PROC_ACNTL.
	    This number	is used	in conjunction with the	u_auditmask mask.

  u_auditmask
	    This field consists	of a comma-separated list of audit event
	    names.  The	events are the same as those specified in the audit-
	    mask(8) reference page.  An	entry of u_auditmask=all specifies
	    all	system calls and trusted events.

  u_minchg  This field specifies the minimum password change time in seconds.
            If the number is nonzero, the password cannot be changed until
            the specified number of seconds since the last successful
            password change have passed unless the person changing the
            password is authorized to override this constraint.

  u_minlen  The number in this field specifies the minimum length of the user
            account password.  If the field is zero, a dynamic value is
            calculated as defined in the Green Book.

  u_maxlen  The number in this field specifies the maximum length of the user
            account password for generated passwords only.  It should be less
            than the system-wide maximum value defined by the <prot.h>
            constant AUTH_MAX_PASSWD_LENGTH.

  u_minchosen
	    The	number in this field specifies the minimum length of the user
	    account password for user-chosen passwords only.  If the field is
	    zero, a dynamic value is calculated	as defined in the Green	Book.

  u_maxchosen
            The number in this field specifies the maximum length of the user
            account password for user-chosen passwords only.  To encourage
            longer, more secure user passwords, set it to allow the
            system-wide maximum value defined by the <prot.h> constant
            AUTH_MAX_PASSWD_LENGTH.

  u_exp	    The	number in this field is	a time_t value that specifies how
	    long from a	successful change until	the account password expires.
	    When a password expires, system authentication programs request
	    that the password be changed when the user logs in to the system.
	    If the password lifetime expires before the	password is changed,
	    the	account	is disabled.

  u_life    The	number in this field is	a time_t value that specifies the
	    lifetime of	a password.  If	this time interval is reached, the
	    account is disabled	and can	only be	unlocked by an authorized
	    system administrator.

  u_succhg  The time in this field is a time_t value that indicates the time
            of the last successful password change.  This field should only
            be set by programs that can be used to change the account
            password.  This field is ignored if it is set in a template or in
            the default database.

  u_unsucchg
            The time in this field is a time_t value that indicates the time
            of the last unsuccessful password change.  This field should only
            be set by programs that can be used to change the account
            password.  This field is ignored if it is set in a template or in
            the default database.

  u_pickpw  This field controls the ability of the user to pick a password
            for the account.  A u_pickpw entry indicates that the user can
            pick his own password; a u_pickpw@ entry indicates that he
            cannot.  This permits an account to be configured so that a user
            cannot pick a password but instead has a password generated by
            the system.

  u_genpwd  This field controls	the ability of a user to generate a password
	    for	the account.  A	u_genpwd entry indicates that the system will
	    generate the password for the user;	a u_genpwd@ entry indicates
	    that the user can pick his own password.  The system is capable
	    of generating passwords containing random words.

  u_restrict
            This field controls whether password triviality checks are
            performed on any user-selected passwords.  A u_restrict entry
            indicates that triviality checks are performed; a u_restrict@
            entry indicates they are not performed.  Triviality checks
            include verifying that the password is not a login or group
            name, a palindrome, or a word recognized by the spell program.
            See the acceptable_password(3) reference page for more
            information on triviality checks for passwords.

  u_nullpw  This field controls the ability of the user to choose a null
            password for the account.  A u_nullpw entry indicates a null
            password can be chosen; a u_nullpw@ entry indicates that it
            cannot.

  u_pwchanger
	    This field is a string representing	the user name of the last
	    person to change the account password if that user was not the
	    account's owner. This is used to warn the user at login time if
	    the	account	password has been changed, possibly without the
	    knowledge of the user.  This field is ignored if it	is set in a
	    template or	in the default database.

  u_genchars
	    This field controls	the ability of the user	to generate random
	    characters for a password.	A u_genchars entry indicates that the
	    user can generate passwords	made up	of random characters; a
	    u_genchars@	entry indicates	that he	cannot.

  u_genletters
	    This field controls	the ability of the user	to generate random
	    letters for	a password.  A u_genletters entry indicates that the
	    user can generate passwords	made up	of random letters; a
	    u_genletters@ entry	indicates that he cannot.

  u_pwdepth This field is a number (0 to 9) representing the number of old
	    encrypted passwords	to keep	to prevent reuse of previously used
	    passwords.

  u_pwdict  This field is a comma-separated list of strings representing the
            old encrypted passwords.  The length of the list is determined by
            u_pwdepth.  This field is ignored if it is set in a template or
            in the default database.

  u_oldcrypt
	    This field is the algorithm	number used to encrypt the current
	    password.  This field is ignored if	it is set in a template	or in
	    the	default	database.

  u_newcrypt
            This field is the algorithm number used to encrypt future
            passwords.

  u_suclog  The	time in	this field is a	time_t value that contains the system
	    time of the	last successful	login to the account.  The system-
	    wide default d_skip_success_login_log controls whether or not
	    this field is updated at each login.  This field is	ignored	if it
	    is set in a	template or in the default database.

  u_unsuclog
	    The	time in	this field is a	time_t value that contains the system
	    time of the	last unsuccessful login	attempt	to the account.
	    Updates to this field control breakin detection and	evasion.  The
	    system-wide	default	d_skip_fail_login_log controls whether or not
	    this field is updated at each login	failure.  This field is
	    ignored if it is set in a template or in the default database.

  u_suctty  This field is a character string that identifies the name of the
	    terminal associated	with the last successful login to the
	    account.  The systemwide default d_skip_ttys_update	controls
	    whether or not this	field is updated at each login.	 This field
	    is ignored if it is	set in a template or in	the default database.

  u_numunsuclog
            This field contains a number indicating the number of
            unsuccessful login attempts to the account and is reset when a
            successful login to the account occurs.  If a login is attempted
            during the time period from u_unsuclog to u_unsuclog plus
            u_unlock, and u_numunsuclog is not less than u_maxtries, the
            login is refused.  (This check is suppressed if the u_maxtries
            field is set to zero.)  The system-wide default
            d_skip_fail_login_log controls whether or not this field is
            updated at each login failure.  This field is ignored if it is
            set in a template or in the default database.

  u_unsuctty
	    This field is a character string that identifies the name of the
	    terminal associated	with the last unsuccessful login attempt to
	    the	account.  This field is	ignored	if it is set in	a template or
	    in the default database.

  u_tod	    This field is a string that	contains a comma-separated list	of
	    time-of-day	specification entries that control when	the user
	    account can	be used	for login.

  u_maxtries
            The number in this field specifies the maximum number of
            consecutive unsuccessful login attempts to the account that are
            permitted until the account is disabled.  Setting this field to 0
            prevents the account from being disabled because of retry
            failures.  In this case, u_numunsuclog is incremented, but not
            checked.

  u_retired This field indicates whether the account is	retired	or not.	An
	    account that has been retired cannot be used for any purpose.  A
	    u_retired entry indicates that the account is retired; a
	    u_retired@ entry indicates that it is not.	This field is ignored
	    if it is set in a template or in the default database.

  u_lock    This field is used to administratively lock an account.  A u_lock
            entry indicates that the account is locked; a u_lock@ entry
            indicates that it is not.  A user cannot log in to a locked
            account.  An account can also be disabled by other means.  See
            getprpwent(3) for more information.

  u_unlock  This field is a number indicating the time in seconds to wait
	    before re-enabling the account after an unsuccessful login
	    attempt (u_unsuclog).

  u_flogins This field is the displayable count	of the number of unsuccessful
	    login attempts.  The system-wide default d_skip_fail_login_log
	    controls whether or	not this field is updated at each login
	    failure.  This field is ignored if it is set in a template or in
	    the	default	database.

  u_policy  This field is used to control whether the /tcb/bin/pwpolicy	file
	    is consulted for validating	password changes.  A u_policy entry
	    indicates that the /tcb/bin/pwpolicy file is consulted; a
	    u_policy@ entry indicates that it is not.

  u_expdate The	actual time of type time_t that	an account is set to expire.

  u_vacation_start
	    This field is a numeric value of type time_t that indicates	the
	    start of user's scheduled vacation.	 This field is ignored if it
	    is set in a	template or in the default database.

  u_vacation_end
	    This field is a numeric value of type time_t that indicates	the
	    end	of user's scheduled vacation.  This field is ignored if	it is
	    set	in a template or in the	default	database.

  u_rlimit_cpu
            The RLIMIT_CPU rlim_max numeric value set by the setrlimit()
            system call at login time.

  u_rlimit_fsize
	    The	RLIMIT_FSIZE rlim_max numeric value set	by the setrlimit()
	    system call	at login time.

  u_rlimit_data
	    The	RLIMIT_DATA rlim_max numeric value set by the setrlimit()
	    system call	at login time.

  u_rlimit_stack
	    The	RLIMIT_STACK rlim_max numeric value set	by the setrlimit()
	    system call	at login time.

  u_rlimit_core
	    The	RLIMIT_CORE rlim_max numeric value set by the setrlimit()
	    system call	at login time.

  u_rlimit_rss
            The RLIMIT_RSS rlim_max numeric value set by the setrlimit()
            system call at login time.

  u_rlimit_nofile
	    The	RLIMIT_NOFILE rlim_max numeric value set by the	setrlimit()
	    system call	at login time.

  u_rlimit_vmem
	    The	RLIMIT_VMEM rlim_max numeric value set by the setrlimit()
	    system call	at login time.

  u_max_login_intvl
            A numeric value representing the maximum time, in seconds, since
            last successful login before account is disabled.  If set for an
            account (or system-wide), the user is automatically considered
            "locked out" if the last successful login was more than the
            specified interval before the current time.  As with other
            is_locked_out() checks, the grace-period feature allows an
            override.

  u_grace_limit
            This field is a numeric value of type time_t.  In a user profile,
            it is the timestamp until which automatic lockouts are bypassed
            (so locked_out_es() says no).  In the system defaults database,
            it is the interval to be added to the current time when clicking
            on Unlock Account in the dxaccounts GUI.

	    This field allows a	time-limited bypass to the is_locked_out()
	    checks so an administrator can allow a user	to log in until	a
	    specified time of day (for example,	until 5pm).  This bypasses
	    anything except the	u_lock administration lock on an account.

	    This field is ignored if it	is set in a template or	in the
	    default database.

  u_psw_change_reqd
	    A boolean expression indicating that the administrator requires a
	    password change now.  Unlike zeroing the u_suclog field, this
	    still obeys	the password lifetime requirements before refusing
	    further logins.  Note: While the old method	of zeroing fd_schange
	    still works, this method conforms to the Green Book.  This field
	    is ignored if it is	set in a template or in	the default database.

  u_template
	    This field is the name of the template which provides default
	    values for those fields for	which no user-specific value is
	    defined.  This field is ignored if it is set in a template or in
	    the	default	database.

  u_istemplate
	    This field indicates that the account is a template	only.  This
	    field is ignored if	it is set in a template	or in the default
	    database.

  The u_vacation_* fields allow	the user to specify a start and	end date/time
  for vacation.	 This causes the login/password	controls to ignore that
  period of time for things like password lifetime and "you must log in	every
  so often".  In order to retain Green Book conformance, it also disallows
  logins during	that timespan.

  The setrlimit() system call controls or restricts system resources for some
  (or all) users.  These resources include how much CPU time they can have,
  how much virtual address space they can have (how much swap space), how
  many file descriptors they can have open, and each of the other things
  (total of 8) controlled through setrlimit().  This sets hard limits, and
  restricts soft limits to match if they would otherwise be over the new hard
  limits.

  The getprpwent routines are used to parse the protected password database
  files into a prpasswd structure that can be used by programs.  A flag in
  the structure indicates whether a particular field in the structure, and
  hence the database field, is defined.  System default values are also
  provided in the structure.  These values are derived from the
  /etc/auth/system/default file and can be used by programs in the absence
  of a user-specific value.
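  The following is an added example, not code from the Tru64 manual or its
  libraries: the lockout rules described for u_lock, u_grace_limit,
  u_numunsuclog/u_maxtries/u_unlock and u_max_login_intvl, written as one
  check over a profile whose values have already been resolved, plus the
  bookkeeping a login program performs on success and failure.  The profile
  is a plain dict of constructed field values; all times are time_t seconds.

```python
# Added example (not Tru64 code).  The profile is a dict of resolved field
# values (constructed); the two skip flags in record_login stand in for the
# system defaults d_skip_fail_login_log and d_skip_success_login_log.

def lockout_reason(profile, now):
    """Return None if the login may proceed, else the field that refuses it.

    The order follows the page: u_lock is an administrative lock that the
    grace limit does not bypass; while `now` is before u_grace_limit every
    other (automatic) lockout check is skipped.
    """
    if profile.get("u_lock", False):
        return "u_lock"
    if now < profile.get("u_grace_limit", 0):
        return None                       # time-limited bypass, e.g. "until 5pm"
    maxtries = profile.get("u_maxtries", 0)
    if maxtries:                          # 0 means count failures, never check
        unsuclog = profile.get("u_unsuclog", 0)
        # refused only inside [u_unsuclog, u_unsuclog + u_unlock); once that
        # window has passed the account is re-enabled without operator action
        in_window = unsuclog <= now < unsuclog + profile.get("u_unlock", 0)
        if in_window and profile.get("u_numunsuclog", 0) >= maxtries:
            return "u_maxtries"
    intvl = profile.get("u_max_login_intvl", 0)
    if intvl and now - profile.get("u_suclog", 0) > intvl:
        return "u_max_login_intvl"
    return None

def record_login(profile, now, success,
                 skip_fail_log=False, skip_success_log=False):
    """Update the audit fields the way the page describes."""
    if success:
        profile["u_numunsuclog"] = 0      # reset on any successful login
        if not skip_success_log:
            profile["u_suclog"] = now
    elif not skip_fail_log:
        profile["u_unsuclog"] = now
        profile["u_numunsuclog"] = profile.get("u_numunsuclog", 0) + 1
        profile["u_flogins"] = profile.get("u_flogins", 0) + 1
    return profile

def simulate_failed_logins(profile, start, attempts):
    """Constructed scenario: `attempts` failed logins one second apart from
    `start`; returns the refusal reason for an attempt right afterwards."""
    for i in range(attempts):
        record_login(profile, start + i, success=False)
    return lockout_reason(profile, start + attempts)
```

  With u_maxtries#3 as in the EXAMPLES entry, the third failure refuses the
  account until u_unlock seconds after the last failure, and a later success
  resets u_numunsuclog.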

EXAMPLES

  The following	example	shows a	typical	protected password database entry:

       perry:u_name=perry:u_id#101:\
	       :u_pwd=aZXtu1kmSpEzm:\
	       :u_minchg#0:u_succhg#653793862:u_unsucchg#622581606:u_nullpw:\
	       :u_suclog#671996425:u_suctty=tty1:\
	       :u_unsuclog#660768767:u_unsuctty=tty1:\
	       :u_maxtries#3:chkent:

  This protected password database entry is for	the user perry.	 The user ID
  for perry is 101.  This value	must match the /etc/passwd entry for this
  user.	 The account has a password and	its encrypted form is specified	by
  the u_pwd field.

  The database entry specifies a minimum password change time of 0,
  indicating that the password can be changed at any time.  Furthermore, the
  account is permitted to have a null password.  The account has a maximum
  consecutive unsuccessful login threshold of 3, indicating that the account
  is locked after three failed attempts.  The remaining fields provide
  account information such as the last successful and unsuccessful password
  change times as well as the last successful and unsuccessful login times
  and terminal names.

FILES

  /tcb/files/auth.db
	    Specifies the pathname of the protected password database for
	    accounts with UIDs less than AUTH_MIN_GEN_UID, which is set	to
	    100	by default.

  /var/tcb/files/auth.db
	    The	pathname of the	protected password database for	accounts with
	    UIDs greater than or equal to AUTH_MIN_GEN_UID, which is set to
	    100	by default.

  /etc/auth/system/default
	    The	system default database	that defines system-wide global
	    parameters.

RELATED	INFORMATION

  Commands: login(1), passwd(1), auditmask(8), authck(8)

  System Calls:	setrlimit(2)

  Functions: locked_out_es(3), nice(3), acceptable_password(3),
  getprpwent(3), time_lock(3)

  Files:  authcap(4), default(4), group(4), passwd(4)