*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> authcap (4)              



NAME    [Toc]    [Back]

       authcap - Format of security databases (Enhanced Security)

DESCRIPTION    [Toc]    [Back]

       The security-relevant databases used by the enhanced security
  subsets  include  the user profile databases (and by
       extension thier optional NIS map source files),  the  file
       control  database, the terminal control and device assignment
 databases, and the system default database.

       This reference page describes  the  location  and  general
       format  of  these databases. A specific reference page for
       each database describes its fields.

       The user profile databases (sometimes referred to  as  the
       protected  password database) reside in /tcb/files/auth.db
       and   /var/tcb/files/auth.db.    The    /tcb/files/auth.db
       database  contains  information for UIDs from 0 to 99. The
       /var/tcb/files/auth.db database contains  information  for
       UIDs 100 and up.

       All  other  databases  reside  in /etc/auth/system.  These
       include: System default database of global  (or  template)
       values  for users and devices.  File control database Terminal
 control database Device assignment database

       Files with extensions are in  database  format  for  efficiency.
  Others  are ASCII files. All the databases can be
       manipulated by the edauth utility.

       A file entry consists of a key followed by a colon (:),  a
       set  of  field/value pairs each followed by a colon, and a
       terminator, chkent:.  The following is  an  example  of  a
       user profile entry as a single, continuous line:


       For readability, an entry can  optionally  be  split  into
       multiple  lines  by inserting a backslash (\) character at
       the end of each line and an extra colon at  the  beginning
       of  the continuation line. Continuation lines are indented
       by  a  tab  character.  The  split   cannot   separate   a
       field/value pair, including its terminating colon.

       The following is the same entry as above, broken into multiple

       jones:u_name=jones:u_id#16:\        :u_pwd=a78/a1.eitfn6:\

       Multiple  entries  are separated by a new line that is not
       preceded by a continuation character. For example:


       Each  entry is referenced by the key followed by the colon

       At the  end  of  each  entry  is  the  chkent  field.  The
       "chkent:"  string  indicates  that  the entry is complete.
       This is used as an integrity check on each  entry  by  the
       programs that read the databases.

       The  field names, or capabilities, begin with an identifying
 prefix that depends upon the database type.  The  following
 list of prefixes also lists the reference page that
       explains  the  associated   database:   Terminal   control
       database field. See the ttys(4) reference page.  User profile
  (protected  password)  database   field.   See   the
       prpasswd(4)  reference  page.   Device assignment database
       field.  See  the  devassign(4)  reference  page.    System
       default  database  field.  Note  that  the  system default
       database can contain fields with any  of  the  above  prefixes.
 See the default(4) reference page.

       Fields  can  have  numeric,  Boolean,  or  string  values:
       Numeric fields take the form fieldname#number, where  number
  is  a decimal number, an octal number (indicated by a
       leading 0), or a hexadecimal number (indicated by a  leading
  0X).  Boolean fields take the form fieldname for true
       or fieldname@ for false.   String  fields  take  the  form
       fieldname=string, where string is 0 (zero) or more characters.
 To include the backslash (\) or colon (:) characters
       in  a string, surround them with the backslash (\) character.

   File Locking    [Toc]    [Back]
       All databases use a lock  file,  the  existence  of  which
       means  that  the  file is currently being rewritten. Occasionally,
 the files remain after a system crash  and  must
       be  removed manually. The lock file is formed by appending
       :t to the database file name.

   Fields and Flags    [Toc]    [Back]
       A program reads a database entry as a  structure  composed
       of  two  sub-structures:  a field sub-structure and a flag
       sub-structure. Each sub-structure has one member for  each
       potential  field. A one-bit flag indicates the presence or
       absence of its corresponding field in a particular  entry.
       The  field  structure contains the field values (for example,
 a number, a Boolean flag, a directory  string,  or  a

FILES    [Toc]    [Back]

       Protected  password  database for UIDs from 0 to 99.  Protected
 password database for UIDs 100  and  up.   Contains
       the global system settings database.

SEE ALSO    [Toc]    [Back]

       Functions:  getprpwent(3),  getdvagent(3),  getprdfent(3),
       getprtcent(3), getprfient(3)

       Files: default(4),  devassign(4),  files(4),  prpasswd(4),

[ Back ]
 Similar pages
Name OS Title
db_dump Tru64 Reads and writes the security databases (Enhanced Security)
db_dump185 Tru64 Reads and writes the security databases (Enhanced Security)
authck Tru64 Checks internal consistency of the authentication databases (Enhanced Security)
convauth Tru64 convert security authorization databases into database format
db_archive Tru64 displays security database log files no longer involved in active transactions (Enhanced Security)
secsetup Tru64 Security features setup graphical interface (Enhanced Security)
secconfig Tru64 Security features setup graphical interface (Enhanced Security)
db_checkpoint Tru64 Periodically checkpoint the security database log (Enhanced Security)
authcap HP-UX security databases for trusted systems
getluid Tru64 Get or set the login UID (Enhanced Security)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service