authcap(4)
NAME
authcap - Format of security databases (Enhanced Security)
DESCRIPTION
The security-relevant databases used by the enhanced security subsets
include the user profile databases (and, by extension, their optional NIS map
source files), the file control database, the terminal control and device
assignment databases, and the system default database.
This reference page describes the location and general format of these
databases. A specific reference page for each database describes its
fields.
The user profile databases (sometimes referred to as the protected password
database) reside in /tcb/files/auth.db and /var/tcb/files/auth.db. The
/tcb/files/auth.db database contains information for UIDs from 0 to 99. The
/var/tcb/files/auth.db database contains information for UIDs 100 and up.
All other databases reside in /etc/auth/system. These include:
default
        System default database of global (or template) values for users and
        devices.
files
        File control database
ttys.db
        Terminal control database
devassign
        Device assignment database
Files with .db extensions are in database format for efficiency. Others are
ASCII files. All the databases can be manipulated by the edauth utility.
A file entry consists of a key followed by a colon (:), a set of
field/value pairs each followed by a colon, and a terminator, chkent:. The
following is an example of a user profile entry as a single, continuous
line:
jones:u_name=jones:u_id#16:u_pwd=a78/a1.eitfn6:u_lock@:chkent:
For readability, an entry can optionally be split into multiple lines by
inserting a backslash (\) character at the end of each line and an extra
colon at the beginning of the continuation line. Continuation lines are
indented by a tab character. The split cannot separate a field/value pair,
including its terminating colon.
The following is the same entry as above, broken into multiple lines:
jones:u_name=jones:u_id#16:\
:u_pwd=a78/a1.eitfn6:\
:u_lock@:chkent:
Multiple entries are separated by a newline that is not preceded by a
continuation character. For example:
smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:
jones:u_name=jones:u_id#76:u_maxtries#5:u_retired:chkent:
Each entry is referenced by the key followed by the colon (:).
At the end of each entry is the chkent field. The "chkent:" string
indicates that the entry is complete. This is used as an integrity check on
each entry by the programs that read the databases.
The field names, or capabilities, begin with an identifying prefix that
depends upon the database type. The following list of prefixes also lists
the reference page that explains the associated database:
t_
        Terminal control database field. See the ttys(4) reference page.
u_
        User profile (protected password) database field. See the prpasswd(4)
        reference page.
v_
        Device assignment database field. See the devassign(4) reference page.
d_
        System default database field. Note that the system default database
        can contain fields with any of the above prefixes. See the default(4)
        reference page.
Fields can have numeric, Boolean, or string values:
Numeric
        Numeric fields take the form fieldname#number, where number is a
        decimal number, an octal number (indicated by a leading 0), or a
        hexadecimal number (indicated by a leading 0X).
Boolean
        Boolean fields take the form fieldname for true or fieldname@ for
        false.
String
        String fields take the form fieldname=string, where string is 0 (zero)
        or more characters. To include the backslash (\) or colon (:)
        characters in a string, surround them with the backslash (\) character.
File Locking
All databases use a lock file, the existence of which means that the file
is currently being rewritten. Occasionally, the files remain after a system
crash and must be removed manually. The lock file is formed by appending :t
to the database file name.
Fields and Flags
A program reads a database entry as a structure composed of two
sub-structures: a field sub-structure and a flag sub-structure. Each
sub-structure has one member for each potential field. A one-bit flag
indicates the presence or absence of its corresponding field in a particular
entry. The field structure contains the field values (for example, a number,
a Boolean flag, a directory string, or a mask).
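The parser below is an added example, not code from this reference page or from the Enhanced Security subsets. It implements the entry syntax given under DESCRIPTION (key, colon-terminated field/value pairs, the mandatory chkent: terminator, backslash/colon continuation lines, and the numeric, Boolean and string value forms) and returns each entry as the field/flag pair described under Fields and Flags: a dict of values plus a set of the field names actually present. The Entry class, the function names, the sample text and the rejection of splits that cut a field/value pair are constructed here; the page's "surround with a backslash" escaping is read as a backslash preceding the protected character, and a lowercase 0x prefix is accepted alongside the page's 0X, both as labelled assumptions.

```python
"""Parser for the authcap(4) entry format (added example, not the page's code)."""
import re
from dataclasses import dataclass


class AuthcapError(ValueError):
    """Raised for entries that violate the format rules on this page."""


@dataclass(frozen=True)
class Entry:
    key: str
    fields: dict       # name -> value; plays the role of the field sub-structure
    flags: frozenset   # names present in this entry; plays the role of the flag bits


def _join_continuations(text):
    """Rejoin lines split with a trailing backslash and a leading ':'."""
    entries, current = [], ""
    for raw in text.splitlines():
        line = raw.lstrip("\t ")            # continuation lines are tab-indented
        if current:                          # inside a split entry
            if not line.startswith(":"):
                raise AuthcapError("continuation line must start with ':'")
            line = line[1:]
        if line.endswith("\\"):
            line = line[:-1]
            if not line.endswith(":"):       # assumption: a split never cuts a pair
                raise AuthcapError("continuation splits a field/value pair")
            current += line
            continue
        current += line
        if current.strip():
            entries.append(current)
        current = ""
    if current:
        raise AuthcapError("file ends inside a continued entry")
    return entries


def _split_fields(entry):
    """Split on colons not escaped by a backslash; escapes are kept for now."""
    parts, buf, escaped = [], [], False
    for c in entry:
        if escaped:
            buf.append(c); escaped = False
        elif c == "\\":
            buf.append(c); escaped = True
        elif c == ":":
            parts.append("".join(buf)); buf = []
        else:
            buf.append(c)
    if escaped or buf:                       # every field, chkent included, ends in ':'
        raise AuthcapError("field not terminated by ':': %r" % "".join(buf))
    return parts


def _unescape(value):
    """Turn \\: and \\\\ back into ':' and '\\' inside a string value."""
    out, escaped = [], False
    for c in value:
        if escaped or c != "\\":
            out.append(c); escaped = False
        else:
            escaped = True
    return "".join(out)


def _parse_number(text):
    """Decimal, octal (leading 0) or hexadecimal (leading 0X; 0x also accepted)."""
    if not re.fullmatch(r"0[xX][0-9A-Fa-f]+|[0-9]+", text):
        raise AuthcapError("bad numeric value %r" % text)
    try:
        if text[:2].lower() == "0x":
            return int(text[2:], 16)
        if len(text) > 1 and text[0] == "0":
            return int(text, 8)              # int() rejects digits 8 and 9 here
        return int(text, 10)
    except ValueError:
        raise AuthcapError("bad numeric value %r" % text) from None


def parse_entry(entry):
    """Parse one joined entry; the chkent: terminator is the integrity check."""
    parts = _split_fields(entry)
    if len(parts) < 2 or parts[-1] != "chkent":
        raise AuthcapError("entry lacks 'chkent:' terminator: %r" % entry)
    key, fields = parts[0], {}
    if not key:
        raise AuthcapError("entry has an empty key")
    for item in parts[1:-1]:
        if "=" in item:                      # string: fieldname=string
            name, value = item.split("=", 1)
            fields[name] = _unescape(value)
        elif "#" in item:                    # numeric: fieldname#number
            name, value = item.split("#", 1)
            fields[name] = _parse_number(value)
        elif item.endswith("@"):             # Boolean false: fieldname@
            fields[item[:-1]] = False
        else:                                # Boolean true: fieldname
            fields[item] = True
    return Entry(key, fields, frozenset(fields))


def parse_database(text):
    """Parse a whole ASCII database into a dict keyed by entry key."""
    return {e.key: e for e in map(parse_entry, _join_continuations(text))}


def entry_is_valid(entry):
    """True when a single (already joined) entry satisfies the format rules."""
    try:
        parse_entry(entry)
        return True
    except AuthcapError:
        return False


# Constructed sample: the two entries shown on this page plus one continued
# entry ("lee") exercising hex and octal numbers and the \: and \\ escapes.
SAMPLE_DB = (
    "smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:\n"
    "jones:u_name=jones:u_id#76:u_maxtries#5:u_retired:chkent:\n"
    "lee:u_name=lee:u_id#0X1F:\\\n"
    "\t:u_pwd=a78\\:b1\\\\c:u_maxtries#017:\\\n"
    "\t:u_lock@:chkent:\n"
)

if __name__ == "__main__":
    for key, e in parse_database(SAMPLE_DB).items():
        print(key, e.fields, "u_lock present:", "u_lock" in e.flags)
```

An entry whose chkent: is missing, or whose last field lacks its closing colon, is rejected outright rather than returned partially filled, which is the behaviour the page describes for the programs that read these databases. Note that an absent Boolean field and a field set to false are distinguishable only through flags, not through fields.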
FILES
/tcb/files/auth.db
Protected password database for UIDs from 0 to 99.
/var/tcb/files/auth.db
Protected password database for UIDs 100 and up.
/etc/auth/system/*
Contains the global system settings database.
SEE ALSO
Functions: getprpwent(3), getdvagent(3), getprdfent(3), getprtcent(3),
getprfient(3)
Files: default(4), devassign(4), files(4), prpasswd(4), ttys(4)