ttys(4) Kernel Interfaces Manual ttys(4)NAME
ttys - terminal control database file for trusted systems
SYNOPSIS DESCRIPTION
The system supports a single terminal control database containing entries for each local terminal that can log into the system. Authentica-
tion programs use information contained in the terminal control database to determine if login from the terminal is permitted. Additional
fields are maintained for informational purposes.
The format of the terminal control database file is identical to other system authentication database files. For more information on the
file format, see authcap(4). The file consists of keyword field identifiers and values for those fields. The keyword identifiers supported
and their use include:
This field defines the terminal device name for the entry. The terminal device
is expected to be contained in the directory, therefore this prefix should not be specified. If the terminal entry
describes the device, the field should contain
This field records the user id of the last user to successfully login using
the terminal device.
This field records the last successful login time to the terminal device.
This field records the last unsuccessful login time to the terminal device.
This field records the number of consecutive unsuccessful login attempts to
the terminal device.
This field specifies the maximum number of consecutive unsuccessful login
attempts permitted using the terminal before the terminal is locked. Once the terminal is locked, it must be unlocked by
an authorized administrator.
This field specifies the login timeout value (sec).
This field specifies the delay between login tries (sec).
This flag field indicates whether the terminal device has been administratively
locked or not. This field is manipulated by authorized administrators only.
EXAMPLES
The following is an example of a terminal control database entry:
This entry is for the system console device, The most recent successful login session was for the user The entry records the system time
for the current successful login and the time of the most recent unsuccessful login attempt.
WARNINGS
Remote terminals (ptys) should not be added to the or databases. Device name formats treated as ptys by login are:
where x is a letter, and y is a hex number
where x is a letter, and y is a hex number
HP-UX 11i Version 3 is the last release to support
trusted systems functionality.
AUTHOR
was developed by HP.
FILES
Terminal control database file
SEE ALSO login(1), getprtcent(3), devassign(4), authcap(4), default(4).
TO BE OBSOLETED ttys(4)
Check Out this Related Man Page
getprtcent(3) Library Functions Manual getprtcent(3)NAME
getprtcent, getprtcnam, setprtcent, endprtcent, putprtcnam - manipulate terminal control database entry for a trusted system
SYNOPSIS DESCRIPTION
and each returns a pointer to an object with the following structure containing the broken-out fields of an entry in the terminal control
database. Each entry in the database contains a pr_term structure, declared in the header file:
struct t_field {
char fd_devname[14]; /* Terminal (or host) name */
uid_t fd_uid; /* uid of last successful login */
time_t fd_slogin; /* time stamp of successful login */
uid_t fd_uuid; /* uid of last unsuccessful login */
time_t fd_ulogin; /* time stamp of unsuccessful login */
int fd_nlogins; /* consecutive failed attempts */
int fd_max_tries; /* maximum unsuc login tries allowed */
time_t fd_logdelay; /* delay between login tries */
char fd_lock; /* terminal locked? */
int fd_login_timeout; /* login timeout in seconds */
};
struct t_flag {
unsigned short
fg_devname:1, /* Is fd_devname set? */
fg_uid:1, /* Is fd_uid set? */
fg_slogin:1, /* Is fd_stime set? */
fg_uuid:1, /* Is fd_uuid set? */
fg_ulogin:1, /* Is fd_ftime set? */
fg_nlogins:1, /* Is fd_nlogins set? */
fg_max_tries:1, /* Is fd_max_tries set? */
fg_logdelay:1, /* Is fd_logdelay set? */
fg_lock:1, /* Is fd_lock set? */
fg_login_timeout:1 /* is fd_login_timeout valid? */
;
};
struct pr_term {
struct t_field ufld;
struct t_flag uflg;
struct t_field sfld;
struct t_flag sflg;
};
The system stores the user ID and time of the last successful login ( fd_uid and fd_slogin) and unsuccessful login ( fd_uuid and fd_ulogin)
in the appropriate Terminal Control database entry. The system increments fd_nlogins with each unsuccessful login, and resets the field to
0 on a successful login. The fd_max_tries field is a limit on the number of unsuccessful logins until the account is locked. An adminis-
trative lock can also be applied, indicated by a non-zero fd_lock field. fd_logdelay stores the amount of time (in seconds) that the sys-
tem waits between unsuccessful login attempts, and fd_login_timeout stores the number of seconds from the beginning of an authentication
attempt until the login attempt is terminated.
Note that ufld and uflg refer to user-specific entries, and sfld and sflg refer to the system default values (see authcap(4)).
The value returned by or refers to a structure that is overwritten by calls to these routines. To retrieve an entry, modify it, and
replace it in the database, copy the entry using structure assignment and supply the modified buffer to
returns a pointer to the first terminal pr_term structure in the database when first called. Thereafter, it returns a pointer to the next
pr_term structure in the database, so successive calls can be used to search the database. searches from the beginning of the database
until a terminal name matching name is found, and returns a pointer to the particular structure in which it was found. If an end-of-file
or an error is encountered on reading, these functions return a NULL pointer.
A call to has the effect of rewinding the Terminal Control database to allow repeated searches. can be called to close the Terminal Con-
trol database when processing is complete.
puts a new or replaced terminal control entry pr with key name into the database. If the fg_devname field is 0, the requested entry is
deleted from the Terminal Control database. locks the database for all update operations, and performs an after the update or failed
attempt.
APPLICATION USAGE
In a multithreaded application, these routines are safe to be called only from one dedicated thread. These routines are not POSIX.1c
async-cancel safe nor async-signal safe.
RETURN VALUE
and return NULL pointers on or error. returns 0 if it cannot add or update the entry.
NOTES
The fd_devname field, on systems supporting connections, may refer to the ASCII representation of a host name. This can be determined by
using (see getdvagent(3)) to interrogate the Device Assignment database as to the type of the device, passing in the fd_devname field of
the Terminal Control structure as an argument. This allows lockout by machine, instead of the device (typically pseudo tty) on which the
session originated.
Programs using these routines must be compiled with
The sfld and sflg structures are filled from corresponding fields in the system default database. Thus, a program can easily extract the
user-specific or system-wide parameters for each database field (see getprpwent and getdvagent).
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
FILES
Terminal Control database
System Defaults database
SEE ALSO getprdfent(3), authcap(4), ttys(4).
TO BE OBSOLETED getprtcent(3)