 |
Index for
Section 4 |
|
 |
Alphabetical
listing for T |
|
 |
Bottom of
page |
|
ttys(4)
NAME
ttys - Terminal control database file (Enhanced Security)
DESCRIPTION
Notes
The secure terminal database file, /etc/securettys, controls root
logins for all security levels. The file is described in the
securettys(4) reference page.
By default, the enhanced security terminal control information is
stored in database format (ttys.db). The information was formerly
stored in the ttys file and is converted to database format in an
update installation. The convauth utility converts an existing ttys
file to database format.
The enhanced security terminal control database (ttys.db) contains an entry
for each terminal or X displayname that can be used for logging in. It
supports wildcarding of the entire terminal name or displayname only.
Authentication programs use information in the terminal control database to
determine if a login is permitted on the specified terminal. Information
from the device assignment database (/etc/auth/system/devassign) can also
affect terminal login permissions. Successful and unsuccessful login
attempts on the terminal are optionally recorded in the terminal control
database, and the information can be used to disable terminal logins when
breakin attempts are suspected.
The /usr/tcb/bin/dxdevices GUI provides a way to create terminal control
database entries and to alter the system default values for the fields. The
edauth utility can also be used to display and modify terminal control
database entries.
A terminal control database entry consists of keyword field identifiers and
values for those fields. If a necessary value is not specified in an entry,
a default value for the field is supplied from the system default file
(/etc/auth/system/default). For more information on the field format, see
authcap(4).
The following keyword field identifiers are supported:
t_devname
This field defines the terminal device name for the entry. The system
expects that terminal devices are in the /dev directory and therefore
this prefix should not be specified. If the terminal entry describes
the /dev/tty1 device, the t_devname field should contain tty1. This
field is ignored if it is set in a template or in the default database.
t_uid
This field contains the user ID of the last user who successfully
logged in using the terminal device. This field is ignored if it is
set in a template or in the default database.
t_logtime
This field is a time_t value that records the last successful login
time to the terminal device. This field is ignored if it is set in a
template or in the default database.
t_unsucuid
This field contains the user ID of the last user who unsuccessfully
attempted to log in using the terminal device. This field is ignored if
it is set in a template or in the default database.
t_unsuctime
This field is a time_t value that records the last unsuccessful login
time to the terminal device. This field is ignored if it is set in a
template or in the default database.
t_prevuid
This field contains the user ID of the user who successfully logged in
before the user identified in the t_uid field. This represents the UID
of the previous login session. This field is ignored if it is set in a
template or in the default database.
t_prevtime
This field is a time_t value that contains the system time of last
logout associated with this terminal device. This value marks the end
of the previous login session associated with the user identified by
t_prevuid.
t_failures
This field records the number of consecutive unsuccessful login
attempts to the terminal device. This field is ignored if it is set in
a template or in the default database.
t_maxtries
This field specifies the maximum number of consecutive unsuccessful
login attempts permitted using the terminal before the terminal is
locked. Once the terminal is locked, it must be unlocked by an
authorized administrator.
t_logdelay
This field is a time_t value that identifies the login delay enforced
by authentication programs between unsuccessful login attempts. This
field is designed to slow the rate at which penetration attempts on a
terminal device can occur.
t_lock
This field indicates whether the terminal device has been
administratively locked. This field is manipulated by authorized
administrators only.
t_unlock
This field specifies the time interval in seconds after t_unsuctime to
wait before ignoring t_failures. Zero means never ignore t_failures.
t_login_timeout
This field specifies the login time-out value in seconds. If a login
attempt is initiated by entering a user name at the login prompt but
successful authentication is not completed within the time-out interval
specified, the login attempt is aborted.
t_xdisplay
This field indicates that the entry is an X window display managed by
xdm, rather than a terminal device. This field is ignored if it is set
in a template or in the default database.
EXAMPLES
The following example shows a typical terminal control database entry:
console:t_devname=console:
:t_uid=jdoe:t_logtime#675430072:
:t_unsucuid=jdoe:t_unsuctime#673610809:
:t_prevuid=root:t_prevtime#671376915:
:chkent:
This entry is for the system console device, /dev/console. The most recent
successful login session was for the user jdoe. The most recent
unsuccessful login attempt was also by user jdoe. Before the most recent
successful login session, the root account was used to log in to the
console. The entry records the system time for the current successful
login, the end of the previous successful login session, and the time of
the most recent unsuccessful login attempt.
FILES
/etc/auth/system/ttys.db
Specifies the pathname of the database.
SEE ALSO
Commands: login(1)
Functions: getprtcent(3)
Files: authcap(4), default(4), securettys(4)
|
Index for
Section 4 |
|
|
Alphabetical
listing for T |
|
 |
Top of
page |
|