authcap(4)
NAME
authcap - Format of security databases (Enhanced Security)
DESCRIPTION
All security-relevant databases are stored in an ASCII format in the file
system. This reference page describes the format of these databases.
Structure of the Hierarchies
The complete database resides in two hierarchies: /tcb/files/auth.db
together with /var/tcb/files/auth.db, and /etc/auth.
The first hierarchy (/tcb/files/auth.db and /var/tcb/files/auth.db)
contains the protected password databases. The /tcb/files/auth.db database
contains information for UIDs from 0 to 99. The /var/tcb/files/auth.db
database contains information for UIDs 100 and up.
The second hierarchy (/etc/auth) contains system-wide information. The
global system settings reside in the /etc/auth/system directory, which
contains the following database files:
default      Default control database
files        File control database
ttys.db      Terminal control database
devassign    Device assignment database
Format of a File
Each database file consists of a single, continuous line, optionally split
into multiple lines with the backslash (\) character. The last line is not
terminated by a backslash. The following is an example of a single,
continuous line:
smk:u_name=smk:u_id#16:u_pwd=a78/a1.eitfn6:u_lock@:chkent:
The following is the line from above broken into multiple lines:
smk:u_name=smk:u_id#16:\
	:u_pwd=a78/a1.eitfn6:\
	:u_lock@:chkent:
All capabilities must be immediately preceded and followed by a colon (:)
separator. Entries broken into multiple lines require a colon (and a
backslash) at the end of each line and a colon at the beginning of each
continuation line in the entry. Continuation lines are indented by a tab
character.
Multiple entries are separated by a new line that is not preceded by a
continuation character. For example:
daa:u_name=daa:u_id#75:u_maxtries#9:u_retired:chkent:
smk:u_name=smk:u_id#76:u_maxtries#5:u_retired:chkent:
Format of a Line
The format of a line is as follows:
name:cap1:cap2:...:capn:chkent:
Each entry is referenced by the name followed by the colon (:) character.
At the end of each entry is the chkent field. The "chkent" string
indicates that the entry is complete. This is used as an integrity check
on each entry by the programs that read the databases.
The names of the capabilities depend on the database. Capabilities can have
numeric, Boolean, or string values. Numeric capabilities have the format
name#num, where num is a decimal number, an octal number (indicated by a
leading 0), or a hexadecimal number (indicated by a leading 0X). Boolean
capabilities have the format name or name@, where the first form signals
the presence of the capability and the second form signals the absence of
the capability. String capabilities have the format name=string, where
string is 0 (zero) or more characters. In a string, the backslash (\) and
colon (:) characters can be escaped with a backslash (\) character.
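The following parser, added here as an example and not part of the original reference page, reads the format described above: it rejoins backslash continuations, splits each entry on unescaped colons (dropping the empty field left where a continuation line was joined), decodes numeric (decimal, leading-0 octal, 0X hex), Boolean (name / name@) and string capabilities, and rejects any entry that lacks the chkent terminator. The sample database and its values are constructed for the example.

```python
import re

# Constructed sample in the authcap(4) layout: a tab-indented continued entry, then a one-line entry.
SAMPLE = (
    "smk:u_name=smk:u_id#16:\\\n"
    "\t:u_pwd=a78/a1.eitfn6:u_home=/home/smk\\:old:\\\n"
    "\t:u_lock@:u_maxtries#011:chkent:\n"
    "daa:u_name=daa:u_id#0X4B:u_maxtries#9:u_retired:chkent:\n"
)
CAP_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)(?:([#=])(.*)|(@))?")

def join_continuations(text):
    """Rejoin backslash-continued lines so each logical entry is one string."""
    entries, cur = [], ""
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.endswith("\\"):
            cur += line[:-1]
        else:
            entries.append(cur + line)
            cur = ""
    return entries

def split_fields(entry):
    """Split on unescaped colons, dropping empty fields (the '::' left where a
    continuation line was joined) and unescaping \\: and \\\\ in the values."""
    return [re.sub(r"\\(.)", r"\1", f) for f in re.findall(r"(?:[^:\\]|\\.)+", entry)]

def parse_num(s):
    """Decimal, leading-0 octal, or 0X hex, as the page specifies for name#num."""
    if s[:2].upper() == "0X":
        return int(s[2:], 16)
    return int(s, 8) if len(s) > 1 and s[0] == "0" else int(s, 10)

def parse_entry(entry):
    """Return (name, caps); raise if chkent is missing. 'name@' is kept as False, distinct from absent."""
    fields = split_fields(entry)
    if len(fields) < 2 or fields[-1] != "chkent":
        raise ValueError(f"entry without chkent terminator: {entry[:30]!r}")
    caps = {}
    for f in fields[1:-1]:
        m = CAP_RE.fullmatch(f)
        if not m:
            raise ValueError(f"malformed capability {f!r} in {fields[0]!r}")
        key, sep, val, absent = m.groups()
        caps[key] = parse_num(val) if sep == "#" else val if sep == "=" else absent is None
    return fields[0], caps

def parse_authcap(text):
    """Parse a whole database file into {entry name: capabilities}."""
    return dict(parse_entry(e) for e in join_continuations(text))
```

Because a Boolean written as name@ is stored as False while an unmentioned capability has no key at all, the result mirrors the field/flag distinction the page describes under Fields and Flags.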
File Locking
All databases use a lock file, the existence of which means that the file
is currently being rewritten. Occasionally, a lock file remains after a
system crash and must be removed manually. The lock file name is formed by
appending :t to the database file name.
Fields and Flags
Programs that read the databases convert each entry into a structure. The
structure consists of two substructures, each of which has one member for
each field in the database entry. The field substructure holds the field
value (for example, a number, a Boolean flag, a directory string, or a
mask), while the flag substructure holds one bit per field indicating
whether that field is present or absent in the entry.
FILES
/tcb/files/auth.db
Protected password database for UIDs from 0 to 99.
/var/tcb/files/auth.db
Protected password database for UIDs 100 and up.
/tcb/files/auth/*/*
Old protected password database
/etc/auth/system/*
Contains the global system settings database.
RELATED INFORMATION
Functions: getprpwent(3), getdvagent(3), getprdfent(3), getprtcent(3),
getprfient(3)
Files: default(4), devassign(4), files(4), prpasswd(4), ttys(4)