Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Apropos / Subsearch:
optional field

edauth(8)							    edauth(8)


  edauth - update and list authentication and capabilities (authcap) database
  information (Enhanced	Security)


       /usr/tcb/bin/edauth [-d db] [-L|-N] [-q]	[-v] entryname ...
       /usr/tcb/bin/edauth -g [-d db] [-L|-N] [-q] [-t]	[-v] [entryname...]
       /usr/tcb/bin/edauth -s [-d db] [-L|-N] [-R] [-t]	[-U uid] [-C] [-q] [-v]
       /usr/tcb/bin/edauth -r [-d db] [-L|-N] [-q] [-v]	entryname...
       /usr/tcb/bin/edauth -H


  -d db
       Specifies which database	to use.	 Select	from one of the	characters d,
       f, p, t,	or v.

       d  -  The system	default	database, /etc/auth/system/default

       f  -  The file control database,	/etc/auth/system/files

       p  -  User profile data in the /tcb/files/auth.db,
       /var/tcb/files/auth.db, and optional associated NIS map sources.

       t  -  The terminal control database, /etc/auth/system/ttys.db

       v  -  The terminal control database, /etc/auth/system/devassign

       The user	profile	database (p) is	the default if no -d option is given.

  -g   Gets the	named entries (or all) and prints them to standard output
       rather than editing them.  If the -q option is also given, the entries
       are not printed,	and the	exit status is the only	confirmation of
       whether at least	one entry would	have been printed if -q	had not	been

  -r   Removes (deletes) named entries rather than editing them.

  -s   Sets new	values based on	pre-edited entries read	from standard input.
       If a new	entry is being created,	the corresponding passwd entry must
       be created first.  If the -C option is not given, existing entries are
       overwritten by the new data.

  -t   When used with -g or -s options,	account	template entries are included
       in addition to user-profile entries.  Note that account templates do
       not have	password entries.

  -v   Gives more verbose messages.

  -C   Restricts the -s	option to creating new entries only, rather than pos-
       sibly overwriting existing ones.

  -L   Uses only local entries,	not NIS.

  -N   Uses only NIS entries, not local.

  -R   Causes new local	user-profile entries to	be written to the root
       partition only, no matter what the UID of the profile.

  -U uid
       Specifies the minimum general user UID.	User-profile entries with
       UIDs less than this value (default of 100) are written to the root
       partition in the	/tcb/files/auth.db file.  Profiles with	uids greater
       than or equal to	the specified value are	written	to the
       /var/tcb/files/auth.db file.

  -H   Print a help message and	exit successfully with no further processing.


  The edauth utility displays and modifies the system databases	used by	the
  enhanced security subsets.  These include the	user profile databases and
  their	NIS map	source files, the file control database, the terminal control
  and device assignment	databases, and the system default database.  Note
  that edauth does not alter /etc/passwd.

  The edauth utility is	intended for disaster-recovery situations, since the
  GUIs provide a much friendlier interface.  However, for sites	where X	is
  not available, edauth	can be used for	general	maintenance of these data-

  If none of the -s, -g, or -r options are given, edauth extracts each match-
  ing entry into a temporary file, and allows the user to edit that entry.
  If the edited	entry has more unparsed	fields than did	the old	copy, a	warn-
  ing is given.	 If the	-v option was given, the unparsed text is displayed.

  Editing and setting of entries in NIS	maps is	only allowed on	the NIS	mas-
  ter host, in which case the changes are made to the NIS map source files
  themselves, and a make of the	NIS maps is then performed by edauth.

  The only option available to a non-root user is displaying the publicly-
  accessible databases or the user's own profile.


  To display just the wildcard entries from the	ttys and devassign databases:

       # edauth	-g -dt '*' '*:*'
       # edauth	-g -dv '*' '*:*'

  To display the system	defaults data:

       # edauth	-g -dd

  For a	non-root user to display his or	her own	profile:

       % edauth	-g

  For a	privileged user	to display all user profiles:

       # edauth	-g

  To display the user profile for root:

       # edauth	-g root

  To edit the entry for	user root:

       # edauth	root

  To edit the ttys database entry for lat/628:

       # edauth	-dt lat/628

  To edit the NIS profile entry	for user nobody:

       # edauth	-N nobody

  To add a template of cis401 to a list	of user	names contained	in a file
  named	students:

       edauth -g `cat students`	\
	   | sed 's/:chkent:/:u_template=cis401:chkent:/' \
	   | edauth -s


  The following	environment variables can be used by edauth:

  TERM	    Checked for	being set only,	in order to determine whether the
	    $VISUAL environment	variable should	be consulted to	find an	edi-
	    tor	to use.	 The $TERM variable is also likely to be used by the
	    editor that	is spawned.

  VISUAL    Checked to find the	editor to use when editing data, if the	$TERM
	    environment	variable is set.

  EDITOR    Checked to find the	editor to use when editing data.  If neither
	    the	$VISUAL	nor the	$EDITOR	environment variable is	available,
	    edauth checks /usr/bin/ex and /sbin/ed for execute permissions
	    and	stops attempts to edit data if none can	be found.

  Other	environment variables which are	likely to be used:

       This environment	variable is checked by the /var/yp/Makefile file when
       updating	the NIS	maps in	order to determine whether to force the	NIS
       slave servers to	update their maps immediately (and to wait for that


  convuser(8), convauth(8), authck(8)

  authcap(4), prpasswd(4), ttys(4), default(4),	devassign(4), files(4)