edauth(8) [ultrix man page]

edauth(8) System Manager's Manual edauth(8)

Name
edauth - edit user auth entry

Syntax
edauth username

Description
The command is an authorization editor. creates a temporary file with an ASCII representation of the current database entry for the user
specified by username and then invokes an editor on the file. You can then modify the user's fields. Upon leaving the editor, reads the
temporary file and modifies the binary database to reflect the changes made. If there are errors in the temporary file will allow the user
to resume editing the file to fix them.

The editor invoked is unless the environment variable EDITOR specifies otherwise. Here is an example of the temporary file produced by
uid = 268
password = MXP3BnKLEWW960BEJc9DbHb6
passlifemin = 1 hour
passlifemax = 60 days
passmod = 12/20/89 - 10:24:38
authmask = login,change_password,enter_password
fail_count = 0
audit_id = 268
audit_control = or
audit_syscalls = creat,unlink
audit_tevents = login:0:1
Each field of the entry is represented as a keyword followed by an equals sign. The value part of the field may be an integer, a string, a
time specification, a date, or a comma-separated list of value keywords. The effect of the field is described in

The and fields expect integer values.

The field is a string containing the encrypted password. One way of disabling an account is to set this to a non-empty string less than 24
characters in length such as `nologin'.

The and fields specify the password expiration information. They may contain an integer specifying seconds, or a combination of scaled val-
ues. The units recognized for scaling are and Only the first letter of the unit need be supplied. A of one day, one hour and five minutes
could be specified as any of:
passlifemax = 1 day 1 hour 5 minutes
passlifemax = 25 h 5 m
passlifemax = 90300 seconds
passlifemax = 90300
in addition to other combinations.

The field is a date. It is specified in the same format as the default output of the ULTRIX command. The time portion is optional and
defaults to the beginning of the day.

The and fields expect a comma-separated list of value tokens. For this is zero or more of and For the audit information this corresponds to
the name of the audit event. See the manpage for more information on audit events.

The field may be one of or See the manpage for more information on the affect of these values.

Restrictions
Only the superuser can edit entries.

Changing the entry will not affect the uid and audit information of existing login sessions.

If the uid field of the entry is changed the mapping to the file will be affected. Changes to the passwd file will probably be necessary.

Diagnostics
Various messages about incorrect input. All are self-explanatory.

Files
Contains all authorization information

Maps usernames to UIDs

See Also
audcntl(2), auth(5), auditmask(8), getauth(8), vipw(8)
Security Guide for Administrators

edauth(8)

Check Out this Related Man Page

devassign(4)						     Kernel Interfaces Manual						      devassign(4)

NAME

       devassign - Device assignment database file (Enhanced Security)

DESCRIPTION

       The system supports a single device assignment database that contains entries for login terminals and X terminals.  Authentication programs
       use information in the device assignment database to determine if a login is permitted on the terminal.	Information from the terminal con-
       trol database, /etc/auth/system/ttys.db, can also affect terminal login permissions.

       A  device  assignment database entry consists of keyword field identifiers and values for those fields.	If a necessary value is not speci-
       fied in an entry, a default value for the field is supplied from the system default file, /etc/auth/system/default.  The edauth utility	is
       used to alter device assignment database entries.

       The  format  of the terminal control database file is identical to other system authentication database files and is described in the auth-
       cap(4) reference page.  The following keyword identifiers are supported: The identifier in this field specifies a comma-separated  list	of
       aliases	that  refer  to  the  same  device defined by the entry. Use of this field avoids the need to replicate device assignment database
       entries for all device aliases.	This field is ignored if it is set in a template or in the default database.   This  field  specifies  the
       device  that  is  described  by the entry.  Device types supported include: The device is assigned as a local login terminal device.  The X
       windows display entry for handling graphics heads or X terminals.

       This field is ignored if it is set in a template or in the default database.  This field, if specified, contains a comma-separated list	of
       user names that are permitted to use the device for login or the import and export of data.  If the list is not present, all users are per-
       mitted to use the device. If the list is present, it is searched for a match by the login program to determine if the user is permitted	to
       use the device.

       This field is ignored if it is set in a template or in the default database.

EXAMPLES

       The  following example shows a device assignment database entry for a terminal device with a list of allowed users: tty0:v_devs=/dev/tty0:
	    :v_type=terminal:v_users=may,tdy,ssv,rgb:	    :chkent:

       The    following     example	shows	  a	device	   assignment	  database     entry	 for	 an	X     terminal	   device:
       local:0|local:0.0:v_devs=local:0,local:0.0:v_type=xdisplay:chkent:

FILES

       Specifies the pathname of the file.

RELATED INFORMATION

       Commands: cpio(1), login(1), tar(1), edauth(8)

       Functions: getdvagent(3)

       Files: authcap(4), default(4), ttys(4) delim off

																      devassign(4)

Linux and UNIX Man Pages

edauth(8) [ultrix man page]

Check Out this Related Man Page