unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



prpasswdd(8)							 prpasswdd(8)



NAME

  prpasswdd - Enhanced security	daemon

SYNOPSIS

  /usr/sbin/prpasswdd [-lifetime secs] [-reply_lifetime	secs] [-depth n]
  [-debug]

FLAGS

  -debug
	Enables	request	logging	by the auth facility in	syslog.	 This should
	only be	used for debugging, because the	volume of logged data can be
	considerable.

  -depth n
	Limits the number of remembered	entries	kept cached in memory (for
	speed).	 The default depth is unlimited.

  -lifetime secs
	Limits the amount of time (in seconds) that remembered entries are
	kept cached in memory.	The default lifetime is	1 hour (3600
	seconds).

  -reply_lifetime secs
	Limits the amount of time (in seconds) that client transactions	are
	remembered for fast RPC	replies.  The default reply lifetime is	6
	minutes	(360 seconds), which allows for	minimum	of 5 minutes built
	into the client	library	code before timing out a given transaction
	request.

DESCRIPTION

  The enhanced security	daemon,	prpasswdd, manages writes to the protected
  password authentication database, as well as the other enhanced security
  databases.  It prevents file lock contention among multiple writers.	A
  strict C2 security policy, which is optionally configurable using enhanced
  security, requires each user login or	login failure to be recorded in	the
  protected password authentication database.  These updates, in combination
  with password	changes	and system administration functions affecting user
  accounts, are	coordinated by the daemon.

  Clients communicate with the daemon using rpc.  Two daemon processes,	a
  parent and a child, exist on a system	running	enhanced security.  The	dae-
  mon is controlled from /sbin/init.d/prpasswd,	which accepts the start,
  stop,	and restart commands.  The active daemon is the	child process, which
  writes its PID to the	/var/run/prpasswdd.pid file.

  The daemon services requests from the	localhost address (127.0.0.1), or,
  for TruCluster Server	V5.0 systems, from the default cluster alias address.
  Requests from	other addresses	or from	non-privileged ports are rejected.

FILES

  /tcb/files/auth.db

  /var/tcb/files/auth.db

  /etc/auth/system/default

  /etc/auth/system/devassign

  /etc/auth/system/files

  /etc/auth/system/ttys.db

RELATED	INFORMATION

  Commands: login(1), dxaccounts(8), edauth(8),	useradd(8)

  Functions: putespwnam(3), putestcnam(3), putesdfnam(3), putesdvnam(3),
  putesfinam(3)

  Files: authcap(4), default(4), devassign(4), files(4), prpasswd(4), ttys(4)