authcap - Format of security databases (Enhanced Security)
The security-relevant databases used by the enhanced security
subsets include the user profile databases (and, by extension,
their optional NIS map source files), the file control
database, the terminal control and device assignment
databases, and the system default database.
This reference page describes the location and general
format of these databases. A specific reference page for
each database describes its fields.
The user profile databases (sometimes referred to as the
protected password database) reside in /tcb/files/auth.db
and /var/tcb/files/auth.db. The /tcb/files/auth.db
database contains information for UIDs from 0 to 99. The
/var/tcb/files/auth.db database contains information for
UIDs 100 and up.
All other databases reside in /etc/auth/system. These
include:
    System default database of global (or template) values
    for users and devices
    File control database
    Terminal control database
    Device assignment database
Files with an extension (for example, auth.db) are in database
format for efficiency; the others are ASCII files. All of the
databases can be manipulated with the edauth utility.
A file entry consists of a key followed by a colon (:), a
set of field/value pairs each followed by a colon, and a
terminator, chkent:. The following is an example of a
user profile entry as a single, continuous line:
jones:u_name=jones:u_id#16:u_pwd=a78/a1.eitfn6:u_lock@:chkent:
For readability, an entry can optionally be split into
multiple lines by inserting a backslash (\) character at
the end of each line and an extra colon at the beginning
of the continuation line. Continuation lines are indented
by a tab character. A split must not fall inside a
field/value pair: the break goes after the pair's
terminating colon, never before it.
The following is the same entry as above, broken into multiple
lines:
jones:u_name=jones:u_id#16:\
	:u_pwd=a78/a1.eitfn6:\
	:u_lock@:chkent:
Multiple entries are separated by a new line that is not
preceded by a continuation character. For example:
smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:
jones:u_name=jones:u_id#76:u_maxtries#5:u_retired:chkent:
Each entry is referenced by the key followed by the colon
(:).
At the end of each entry is the chkent field. The
"chkent:" string indicates that the entry is complete.
The programs that read the databases use it as an
integrity check on each entry, so an entry that lacks it
(for example, one cut short by an interrupted rewrite) is
not accepted as complete.
The field names, or capabilities, begin with an identifying
prefix that depends upon the database type (u_ in the user
profile entries shown above). The following list of database
types also names the reference page that explains the
associated database and its fields:
    Terminal control database field. See the ttys(4)
    reference page.
    User profile (protected password) database field. See
    the prpasswd(4) reference page.
    Device assignment database field. See the devassign(4)
    reference page.
    System default database field. Note that the system
    default database can contain fields with any of the
    above prefixes. See the default(4) reference page.
Fields can have numeric, Boolean, or string values:
    Numeric fields take the form fieldname#number, where
    number is a decimal number, an octal number (indicated
    by a leading 0), or a hexadecimal number (indicated by
    a leading 0X).
    Boolean fields take the form fieldname for true or
    fieldname@ for false.
    String fields take the form fieldname=string, where
    string is 0 (zero) or more characters. To include the
    backslash (\) or colon (:) characters in a string,
    precede each of them with a backslash (\) character;
    an unescaped colon always ends the field.
File Locking
All databases use a lock file whose existence means that
the file is currently being rewritten. The lock file name
is formed by appending :t to the database file name (for
example, /tcb/files/auth.db:t). Occasionally a lock file
remains after a system crash and must be removed manually;
before removing one, make sure that no program is still
rewriting the database, since the lock is the only thing
that keeps two writers from updating the file at once.
Fields and Flags
A program reads a database entry as a structure composed
of two sub-structures: a field sub-structure and a flag
sub-structure. Each sub-structure has one member for each
potential field. A one-bit flag indicates the presence or
absence of its corresponding field in a particular entry,
which lets a reader distinguish a Boolean field that is
explicitly false (fieldname@) from one that the entry
simply does not set. The field structure contains the
field values (for example, a number, a Boolean flag, a
directory string, or a mask).
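The entry syntax described above (key, colon-terminated field/value pairs, continuation lines, the chkent: terminator and the numeric, Boolean and string value forms) together with the field/flag split of this section, as an added Python example. It is not code from this reference page or from the enhanced-security library; the sample entries, UIDs and hashes are constructed, and u_note is a hypothetical field name used only to exercise the backslash escape.

```python
"""Parser for the authcap(4) entry format described above.  Added example,
not code from the page or from the enhanced-security subsystem; the sample
entries are constructed and u_note is a hypothetical field name."""
import re
from dataclasses import dataclass

TERMINATOR = "chkent"   # a complete entry ends with "chkent:"
_FIELD_SPLIT = re.compile(r"((?:\\.|[^:\\])*):")   # ':'-terminated field; '\' escapes next char
_FIELD_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)(?:(#)(.*)|(=)(.*)|(@))?")  # name, then #n, =s, @ or nothing

@dataclass
class Entry:
    key: str
    fields: dict          # field sub-structure: name -> value
    present: frozenset    # flag sub-structure: fields this entry carries

    def has(self, name):
        return name in self.present

def _logical_lines(text):
    """Join continued lines: a trailing '\\' continues the entry and the
    tab-indented continuation line starts with an extra ':' that is dropped."""
    out, buf = [], None
    for raw in text.splitlines():
        if buf is None:
            if not raw.strip():
                continue                    # blank line between entries
            buf = raw
        else:
            cont = raw.lstrip(" \t")
            if not cont.startswith(":"):
                raise ValueError("continuation line must begin with ':'")
            buf += cont[1:]
        if buf.endswith("\\"):
            buf = buf[:-1]
        else:
            out.append(buf)
            buf = None
    if buf is not None:
        raise ValueError("entry ends with a continuation backslash")
    return out

def _split_fields(line):
    """Split into ':'-terminated fields, escapes kept; text left over after
    the last ':' means a field was not terminated."""
    fields = _FIELD_SPLIT.findall(line)
    if sum(len(f) + 1 for f in fields) != len(line):
        raise ValueError("unterminated field in entry %r" % line[:40])
    return fields

def parse_field(field):
    """(name, value): name#n numeric, name=s string, name / name@ Boolean."""
    m = _FIELD_RE.fullmatch(field)
    if m is None:
        raise ValueError("malformed field %r" % field)
    name, num, string = m.group(1), m.group(3), m.group(5)
    if m.group(2):                          # decimal, leading-0 octal, 0x hex
        base = 16 if num[:2].lower() == "0x" else (
            8 if num[:1] == "0" and len(num) > 1 else 10)
        return name, int(num, base)
    if m.group(4):
        return name, re.sub(r"\\(.)", r"\1", string)   # drop the escaping '\'
    return name, m.group(6) is None         # no trailing '@' means true

def parse_entry(line):
    """One logical line -> Entry; the chkent terminator is the integrity check."""
    parts = _split_fields(line)
    if len(parts) < 2 or parts[-1] != TERMINATOR:
        raise ValueError("entry lacks the chkent: terminator: %r" % line[:40])
    key, fields = parts[0], {}
    for part in parts[1:-1]:
        name, value = parse_field(part)
        if name in fields:
            raise ValueError("duplicate field %s in entry %s" % (name, key))
        fields[name] = value
    return Entry(key, fields, frozenset(fields))

def entry_is_complete(line):
    """The check a reader applies: True only if the entry parses and ends in chkent:."""
    try:
        return parse_entry(line) is not None
    except ValueError:
        return False

def parse_database(text):
    """Whole file -> {key: Entry}, rejecting duplicate keys."""
    db = {}
    for line in _logical_lines(text):
        entry = parse_entry(line)
        if entry.key in db:
            raise ValueError("duplicate key %s" % entry.key)
        db[entry.key] = entry
    return db

# Constructed sample: one single-line entry and one split with '\' and ':'.
SAMPLE = """\
smith:u_name=smith:u_id#75:u_maxtries#010:u_retired:chkent:
jones:u_name=jones:u_id#0x10:\\
\t:u_pwd=a78/a1.eitfn6:\\
\t:u_lock@:u_note=tcb\\:lab:chkent:
"""

if __name__ == "__main__":
    for key, entry in parse_database(SAMPLE).items():
        print(key, entry.fields, "u_lock present:", entry.has("u_lock"))
```

Running the file prints both parsed entries. The point of the flag sub-structure shows in the output: smith carries no u_lock field at all (has() is false), while jones carries u_lock@, an explicitly false value that is nevertheless present. The chkent check is deliberately strict: an entry whose last field is not chkent, or whose final colon is missing, is rejected rather than partially accepted, which is the behaviour a reader wants when a rewrite was interrupted.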
Files
    /tcb/files/auth.db      Protected password database for
                            UIDs from 0 to 99.
    /var/tcb/files/auth.db  Protected password database for
                            UIDs 100 and up.
    System default database (under /etc/auth/system; see
    default(4)), which contains the global system settings.
Functions: getprpwent(3), getdvagent(3), getprdfent(3),
getprtcent(3), getprfient(3)
Files: default(4), devassign(4), files(4), prpasswd(4),
ttys(4)
authcap(4)