authcap(4) [hpux man page]

authcap(4)						     Kernel Interfaces Manual							authcap(4)

NAME
authcap - security databases for trusted systems

SYNOPSIS

DESCRIPTION
All security-relevant databases are stored in an ASCII format in the file system. This format is converted to binary structures by support routines described in Section 3 manpages. This manpage describes the format of these databases, and describes the philosophy of conversion into data structures.

Hierarchy Structure
The complete database resides in two hierarchies: and The first hierarchy contains the Protected Password database, and has subdirectories with single letter names, each of which is a starting letter for user names. Within each of these directories are regular files, each containing an authcap(4) format file containing the Protected Password entry for a particular user. Thus, all user names beginning with have their respective authentication and identity information in a file in directory

Directories within and contain system-wide information. Global system settings reside in directory Terminal and device assignment files are located in directory

The following database files reside in directory
      Default Control

The following database files reside in directory
      Terminal Control
      Device Assignment

File Format
Each data file and has the same format. Each file consists of one virtual line, optionally split into multiple physical lines with the character present at the end of all lines except the last. For example, the line can be split into:

Note that all capabilities must be immediately preceded and followed with the separator. Multiple line entries require at the end of each line and at the beginning of each continuation line in the entry. Continuation lines are indented by a tab character. Multiple entries are separated by a new-line character that is not preceded by a continuation character:

Line Format
The format of a line is briefly as follows:

The entry is referenced by the name. The end of the name part of the entry is terminated by the character. At the end of each entry is the chkent field. This is used as an integrity check on each entry. The routines reject all entries that do not contain the chkent terminator.

Each entry has 0 or more capabilities, each terminated with the character. Each capability has a unique name.

Numeric capabilities have the format: where num is a decimal or (0-preceded) octal number.

Boolean capabilities have the format: id or id@ where the first form signals the presence of the capability and the second form signals the absence of the capability.

String capabilities have the format: where string is 0 or more characters. The and characters are escaped as and respectively.

File Locking
All databases use a lock file, the existence of which means that the file is currently being rewritten. Occasionally, the lock files remain after a system crash and must be removed manually. The lock file is formed by appending to the database file name.

Fields/Flags
All databases are converted into structures by programs. The data structures consist of two substructures, each of which has one member for each field in the database entry. The field structure contains a field value (for example, a number, a boolean flag, a directory string, or a mask), while the flag value (one bit) indicates the presence or absence of the field in that entry.

WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.

AUTHOR
was developed by HP.

SEE ALSO
getdvagent(3), getprdfent(3), getprpwent(3), getprtcent(3), default(4), devassign(4), prpwd(4), ttys(4).

TO BE OBSOLETED								authcap(4)
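
An added example (not part of the HP-UX manual and not HP's routines): a small Python parser for the entry format described under File Format and Line Format, which rejects entries that lack the chkent terminator. The delimiter characters are missing from this copy of the page, so ':' (separator), '\' (continuation and escape), '#' (numeric) and '=' (string) are assumptions, as are the constructed sample entries and their field names.

```python
import re

# Assumed delimiters (this copy of the page omits them): ':' separates fields,
# '\' escapes and continues lines, '#' numeric, '=' string, '@' absent flag.
SAMPLE = (  # constructed entries with illustrative field names
    "jdoe:u_name=jdoe:u_id#0144:u_lock@:\\\n"
    "\t:x_note=a\\:b:x_flag:chkent:\n"
    "broken:u_name=broken:u_id#7:\n"
)

def split_entries(text):
    """Join continued lines, then cut each entry on unescaped ':'."""
    # Consume escape pairs first so an escaped '\' before a newline is kept.
    joined = re.sub(r"(\\[^\n])|\\\n[ \t]*", lambda m: m.group(1) or "", text)
    entries = []
    for line in joined.split("\n"):
        fields = re.findall(r"(?:\\.|[^:\\])+", line)  # skips empty '::' fields
        if fields:
            entries.append([re.sub(r"\\(.)", r"\1", f) for f in fields])
    return entries

def parse_entry(fields):
    """Type the capabilities; reject an entry with no chkent terminator."""
    name, caps = fields[0], fields[1:]
    if not caps or caps[-1] != "chkent":
        raise ValueError(f"{name}: missing chkent terminator")
    out = {}
    for cap in caps[:-1]:
        num = re.fullmatch(r"(\w+)#(\d+)", cap)
        if num:                              # a leading 0 marks octal
            out[num[1]] = int(num[2], 8 if num[2][0] == "0" else 10)
        elif "=" in cap:                     # string, possibly empty
            key, val = cap.split("=", 1)
            out[key] = val
        elif re.fullmatch(r"\w+@?", cap):    # boolean: present, or absent with '@'
            out[cap.rstrip("@")] = not cap.endswith("@")
        else:
            raise ValueError(f"{name}: malformed capability {cap!r}")
    return name, out

def audit(text):
    """Return (parsed entries by name, list of rejection messages)."""
    good, rejected = {}, []
    for fields in split_entries(text):
        try:
            name, caps = parse_entry(fields)
            good[name] = caps
        except ValueError as err:
            rejected.append(str(err))
    return good, rejected
```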