unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



ttys(4)								      ttys(4)



NAME

  ttys - Terminal control database file	 (Enhanced Security)

DESCRIPTION

				     Notes
       The secure terminal database file, /etc/securettys, controls root
       logins for all security levels.	The file is described in the securet-
       tys(4) reference	page.

       By default, the enhanced	security terminal control information is
       stored in database format (ttys.db).  The information was formerly
       stored in the ttys file and is converted	to database format in an
       update installation.  The convauth utility converts an existing ttys
       file to database	format.

  The enhanced security	terminal control database (ttys.db) contains an	entry
  for each terminal or X displayname that can be used for logging in.  It
  supports wildcarding of the entire terminal name or displayname only.
  Authentication programs use information in the terminal control database to
  determine if a login is permitted on the specified terminal.	Information
  from the device assignment database (/etc/auth/system/devassign) can also
  affect terminal login	permissions.  Successful and unsuccessful login
  attempts on the terminal are optionally recorded in the terminal control
  database, and	the information	can be used to disable terminal	logins when
  breakin attempts are suspected.

  The /usr/tcb/bin/dxdevices GUI provides a way	to create terminal control
  database entries and to alter	the system default values for the fields.
  The edauth utility can also be used to display and modify terminal control
  database entries.

  A terminal control database entry consists of	keyword	field identifiers and
  values for those fields.  If a necessary value is not	specified in an
  entry, a default value for the field is supplied from	the system default
  file (/etc/auth/system/default).  For	more information on the	field format,
  see the authcap(4) reference page.

  The following	keyword	field identifiers are supported:

  t_devname This field defines the terminal device name	for the	entry. The
	    system expects that	terminal devices are in	the /dev directory
	    and	therefore this prefix should not be specified. If the termi-
	    nal	entry describes	the /dev/tty1 device, the t_devname field
	    should contain tty1.  This field is	ignored	if it is set in	a
	    template or	in the default database.

  t_uid	    This field contains	the user ID of the last	user who successfully
	    logged in using the	terminal device.  This field is	ignored	if it
	    is set in a	template or in the default database.

  t_logtime This field is a time_t value that records the last successful
	    login time to the terminal device.	This field is ignored if it
	    is set in a	template or in the default database.

  t_unsucuid
	    This field contains	the user ID of the last	user who unsuccess-
	    fully attempted to log in using the	terminal device.  This field
	    is ignored if it is	set in a template or in	the default database.

  t_unsuctime
	    This field is a time_t value that records the last unsuccessful
	    login time to the terminal device.	This field is ignored if it
	    is set in a	template or in the default database.

  t_prevuid This field contains	the user ID of the user	who successfully
	    logged in before the user identified in the	t_uid field.  This
	    represents the UID of the previous login session.  This field is
	    ignored if it is set in a template or in the default database.

  t_prevtime
	    This field is a time_t value that contains the system time of
	    last logout	associated with	this terminal device. This value
	    marks the end of the previous login	session	associated with	the
	    user identified by t_prevuid.

  t_failures
	    This field records the number of consecutive unsuccessful login
	    attempts to	the terminal device.  This field is ignored if it is
	    set	in a template or in the	default	database.

  t_maxtries
	    This field specifies the maximum number of consecutive unsuccess-
	    ful	login attempts permitted using the terminal before the termi-
	    nal	is locked. Once	the terminal is	locked,	it must	be unlocked
	    by an authorized administrator.

  t_logdelay
	    This field is a time_t value that identifies the login delay
	    enforced by	authentication programs	between	unsuccessful login
	    attempts. This field is designed to	slow the rate at which pene-
	    tration attempts on	a terminal device can occur.

  t_lock    This field indicates whether the terminal device has been admin-
	    istratively	locked.	This field is manipulated by authorized
	    administrators only.

  t_unlock  This field specifies the time interval in seconds after
	    t_unsuctime	to wait	before ignoring	t_failures. Zero means never
	    ignore t_failures.

  t_login_timeout
	    This field specifies the login time-out value in seconds. If a
	    login attempt is initiated by entering a user name at the login
	    prompt but successful authentication is not	completed within the
	    time-out interval specified, the login attempt is aborted.

  t_xdisplay
	    This field indicates that the entry	is an X	window display
	    managed by xdm, rather than	a terminal device.  This field is
	    ignored if it is set in a template or in the default database.

EXAMPLES

  The following	example	shows a	typical	terminal control database entry:

       console:t_devname=console:
	       :t_uid=jdoe:t_logtime#675430072:
	       :t_unsucuid=jdoe:t_unsuctime#673610809:
	       :t_prevuid=root:t_prevtime#671376915:
	       :chkent:

  This entry is	for the	system console device, /dev/console. The most recent
  successful login session was for the user jdoe. The most recent
  unsuccessful login attempt was also by user jdoe. Before the most recent
  successful login session, the	root account was used to log in	to the con-
  sole.	 The entry records the system time for the current successful login,
  the end of the previous successful login session, and	the time of the	most
  recent unsuccessful login attempt.

FILES

  /etc/auth/system/ttys.db
	    Specifies the pathname of the database.

RELATED	INFORMATION

  Commands: login(1)

  Functions:  getprtcent(3)

  Files: authcap(4), default(4), securettys(4)