
authcap(4)

TO BE OBSOLETED
HP-UX 11i Version 3: February 2007
NAME

authcap — security databases for trusted systems

SYNOPSIS

/tcb/files/auth/*
/tcb/files/auth/system/*

DESCRIPTION

All security-relevant databases are stored in an ASCII format in the file system. This format is converted to binary structures by support routines described in Section 3 manpages. This manpage describes the format of these databases, and describes the philosophy of conversion into data structures.

Hierarchy Structure

The complete database resides in two hierarchies: /tcb/files/auth/* and /tcb/files. The first hierarchy contains the Protected Password database, and has subdirectories with single letter names, each of which is a starting letter for user names. Within each of these directories are regular files, each containing an authcap(4) format file containing the Protected Password entry for a particular user. Thus, all user names beginning with x have their respective authentication and identity information in a file in directory /tcb/files/auth/x.

Directories within /tcb/files/auth/system and /tcb/files contain system-wide information. Global system settings reside in directory /tcb/files/auth/system. Terminal and device assignment files are located in directory /tcb/files.

The following database file resides in directory /tcb/files/auth/system:

default      Default Control

The following database files reside in directory /tcb/files:

ttys         Terminal Control
devassign    Device Assignment

File Format

Each data file (in /tcb/files/auth/system and /tcb/files) has the same format. Each file consists of one virtual line, optionally split into multiple physical lines with the \ character present at the end of all lines except the last. For example, the line

smk:u_name=smk:u_id#16:u_pwd=a78/a1.eitfn6:chkent:

can be split into:

smk:u_name=smk:u_id#16:\
	:u_pwd=a78/a1.eitfn6:\
	:chkent:

Note that all capabilities must be immediately preceded and followed with the : separator. Multiple line entries require : at the end of each line and at the beginning of each continuation line in the entry. Continuation lines are indented by a tab character. Multiple entries are separated by a new-line character that is not preceded by a continuation character:

daa:u_name=daa:u_id#75:u_maxtries#9:chkent:
smk:u_name=smk:u_id#76:u_maxtries#5:chkent:

Line Format

The format of a line is briefly as follows:

name:cap1:cap2:cap3:...:capn:chkent:

The entry is referenced by the name. The end of the name part of the entry is terminated by the : character.

At the end of each entry is the chkent field. This is used as an integrity check on each entry. The authcap routines reject all entries that do not contain the chkent terminator.

Each entry has 0 or more capabilities, each terminated with the : character. Each capability has a unique name. Numeric capabilities have the format:

id#num

where num is a decimal or (0-preceded) octal number. Boolean capabilities have the format:

id

or

id@

where the first form signals the presence of the capability and the second form signals the absence of the capability. String capabilities have the format:

id=string

where string is 0 or more characters. The \ and : characters are escaped as \\ and \: respectively.
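As an added example (not part of the HP man page), a small Python parser for the authcap text format described above: it rejoins continuation lines, honours the \\ and \: escapes, decodes numeric (decimal or 0-prefixed octal), boolean and string capabilities, and rejects any entry that lacks the chkent terminator. The smk entry in the sample is the page's own split example; the daa entry and the ids x_flag and x_note are constructed for illustration.

```python
import re
CAP_RE = re.compile(r"^(\w+)(?:(#)(\d+)|(=)(.*)|(@))?$", re.S)  # id#num | id=str | id | id@

def virtual_lines(text):
    # A trailing '\' continues the entry on the next, tab-indented line.
    buf, cont = "", False
    for line in text.split("\n"):
        line = line.lstrip("\t") if cont else line
        cont = line.endswith("\\")
        buf += line[:-1] if cont else line
        if not cont:
            if buf.strip():
                yield buf
            buf = ""

def split_fields(vline):
    # Split on ':' while honouring the '\\' and '\:' escapes.
    fields, cur, i = [], [], 0
    while i < len(vline):
        if vline[i] == "\\" and vline[i + 1:i + 2] in ("\\", ":"):
            cur.append(vline[i + 1]); i += 2
        elif vline[i] == ":":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(vline[i]); i += 1
    return fields + (["".join(cur)] if cur else [])

def parse_cap(cap):
    m = CAP_RE.match(cap)
    if not m:
        raise ValueError(f"malformed capability {cap!r}")
    if m.group(2):  # numeric; a leading 0 means octal
        return m.group(1), int(m.group(3), 8 if m.group(3)[0] == "0" else 10)
    if m.group(4):  # string
        return m.group(1), m.group(5)
    return m.group(1), not m.group(6)  # 'id' -> True, 'id@' -> False

def parse_authcap(text):
    # Returns {name: {cap: value}}; entries without chkent are rejected.
    db = {}
    for vline in virtual_lines(text):
        fields = split_fields(vline)
        caps = [f for f in fields[1:] if f]  # a join leaves '::', i.e. an empty field
        if not caps or caps[-1] != "chkent":
            raise ValueError(f"entry {fields[0]!r} lacks chkent terminator")
        db[fields[0]] = dict(parse_cap(c) for c in caps[:-1])
    return db

# Constructed sample: smk is the page's split example; daa (and x_flag/x_note) is made up.
SAMPLE = ("smk:u_name=smk:u_id#16:\\\n\t:u_pwd=a78/a1.eitfn6:\\\n\t:chkent:\n"
          "daa:u_name=daa:u_id#075:u_maxtries#9:x_flag@:x_note=a\\:b:chkent:\n")
```

Calling parse_authcap(SAMPLE) yields u_id 16 for smk and 61 (octal 075) for daa, with x_note decoded to "a:b".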

File Locking

All databases use a lock file, the existence of which means that the file is currently being rewritten. Occasionally, the lock files remain after a system crash and must be removed manually. The lock file is formed by appending -t to the database file name.

Fields/Flags

All databases are converted into structures by the Section 3 support routines. Each data structure consists of two substructures, each of which has one member for each field in the database entry. The field structure holds the field's value (for example, a number, a boolean flag, a directory string, or a mask), while the corresponding flag value (one bit) records whether the field was present or absent in that entry.

WARNINGS

HP-UX 11i Version 3 is the last release to support trusted systems functionality.

AUTHOR

authcap was developed by HP.
