HP-UX Reference: prpwd(4) - TO BE OBSOLETED - HP-UX 11i Version 3: February 2007

NAME

prpwd — protected password authentication database files used for trusted systems

DESCRIPTION

An authentication profile is maintained for each user on the system. A user profile is kept in a protected password database file that is accessible only to the System Administrator. The protected password database files contain, among other things, the encrypted password for the user account. On a trusted system, the passwords are hidden from normal users.

The protected password database files do not obviate the need for the /etc/passwd and the /etc/group files. Users must be defined in the /etc/passwd file in order to use the system. The protected password database file for a user contains the user name and user id to provide a correlation to the user's /etc/passwd entry. These must match or the user account will be treated as invalid.

Protected password database files are maintained in the /tcb/files/auth hierarchy. This directory contains other directories, each named with a single letter from the alphabet. User authentication profiles are stored in these directories based on the first letter of the user account name. This enables an efficient search operation to locate the file for a specific user name. For instance, the authentication profile for the root account is located in the /tcb/files/auth/r directory and can be accessed by opening the file /tcb/files/auth/r/root.

Fields defined in a file are user specific values. These values override the system default values. Trusted programs check first for the existence of user specific parameters before using a system default value.

A protected password database file contains keyword field identifiers and, depending on the field type, a value for that field (certain field types do not require an explicit value). The exact syntax for field specifications is described in authcap(4). Field specification is consistent for all system authentication databases.

The keyword field identifiers supported by the protected password database file and their associated function are given in the following descriptions:

Notes

The getprpwent(3) routines are used to parse the protected password database files into a structure that can be used by programs. A flag in the structure indicates whether a particular field in the structure, and hence in the file, is defined. System default values are also provided in the structure. These values are derived from the /tcb/files/auth/system/default file and can be used by programs in the absence of a user specific value.

EXAMPLES

The following is an example of a typical protected password database file:

    perry:u_name=perry:u_id#101:\
        :u_pwd=aZXtu1kmSpEzm:\
        :u_minchg#0:u_succhg#653793862:u_unsucchg#622581606:u_nullpw:\
        :u_suclog#671996425:u_suctty=tty1:\
        :u_unsuclog#660768767:u_unsuctty=tty1:\
        :u_maxtries#3:chkent:

This protected password database file is for the user perry. The user ID for perry is 101. This value must match the /etc/passwd entry for this user. The account has a password and its encrypted form is specified by the u_pwd field. The database file specifies a minimum password change time of 0, indicating the password can be changed at any time. Furthermore, the account is permitted to have a null password (u_nullpw). The account has a maximum consecutive unsuccessful login threshold of 3 attempts, indicating that the account will be locked after three failed attempts (u_maxtries). The remaining fields provide account information such as the last successful and unsuccessful password change times as well as the last successful and unsuccessful login times and terminal names.
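
The following audit sketch is an added example, not part of the HP-UX reference and not a replacement for getprpwent(3). It parses the entry shown above and flags the settings the text calls out. The function names and the /etc/passwd line are hypothetical, and it assumes a single entry whose values contain no escaped colons.

```python
import re

# Constructed input: the entry from EXAMPLES plus a hypothetical /etc/passwd line.
SAMPLE_PRPWD = r"""perry:u_name=perry:u_id#101:\
    :u_pwd=aZXtu1kmSpEzm:\
    :u_minchg#0:u_succhg#653793862:u_unsucchg#622581606:u_nullpw:\
    :u_suclog#671996425:u_suctty=tty1:\
    :u_unsuclog#660768767:u_unsuctty=tty1:\
    :u_maxtries#3:chkent:
"""
SAMPLE_PASSWD = "perry:*:101:20::/home/perry:/sbin/sh"

def parse_prpwd(text):
    """Join backslash-continued lines, then return (entry_name, fields)."""
    joined = re.sub(r"\\\s*\n\s*", "", text.strip())
    name, *caps = [c for c in joined.split(":") if c]
    fields = {}
    for cap in caps:
        key, sep, val = re.fullmatch(r"(\w+)([=#@]?)(.*)", cap).groups()
        if sep == "=":
            fields[key] = val          # string field
        elif sep == "#":
            fields[key] = int(val)     # numeric field
        else:
            fields[key] = sep != "@"   # flag; "key@" (authcap(4) syntax) is false
    return name, fields

def expected_path(user):
    """Profiles are filed under the first letter of the account name."""
    return f"/tcb/files/auth/{user[0]}/{user}"

def audit(text, passwd_line):
    """Return findings for one profile checked against its /etc/passwd line."""
    _, f = parse_prpwd(text)
    pw_name, _, pw_uid = passwd_line.split(":")[:3]
    findings = []
    if (f.get("u_name"), f.get("u_id")) != (pw_name, int(pw_uid)):
        findings.append("u_name/u_id mismatch with /etc/passwd: account invalid")
    if f.get("u_nullpw"):
        findings.append("u_nullpw set: null password permitted")
    if f.get("u_minchg") == 0:
        findings.append("u_minchg is 0: password can be changed at any time")
    if "u_maxtries" not in f:
        findings.append("u_maxtries unset: system default threshold applies")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PRPWD, SAMPLE_PASSWD):
        print("-", finding)
```
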