authcap(4) Kernel Interfaces Manual authcap(4)
NAME
authcap - Format of security databases (Enhanced Security)
DESCRIPTION
The security-relevant databases used by the enhanced security subsets include the user profile databases (and by extension their optional
NIS map source files), the file control database, the terminal control and device assignment databases, and the system default database.
This reference page describes the location and general format of these databases. A specific reference page for each database describes
its fields.
The user profile databases (sometimes referred to as the protected password database) reside in /tcb/files/auth.db and
/var/tcb/files/auth.db. The /tcb/files/auth.db database contains information for UIDs from 0 to 99. The /var/tcb/files/auth.db database
contains information for UIDs 100 and up.
All other databases reside in /etc/auth/system. These include:
System default database of global (or template) values for users and devices.
File control database
Terminal control database
Device assignment database
Files with .db extensions are in database format for efficiency. Others are ASCII files. All the databases can be manipulated by the
edauth utility.
A file entry consists of a key followed by a colon (:), a set of field/value pairs each followed by a colon, and a terminator, chkent:.
The following is an example of a user profile entry as a single, continuous line:
jones:u_name=jones:u_id#16:u_pwd=a78/a1.eitfn6:u_lock@:chkent:
For readability, an entry can optionally be split into multiple lines by inserting a backslash (\) character at the end of each line and an
extra colon at the beginning of the continuation line. Continuation lines are indented by a tab character. The split cannot separate a
field/value pair, including its terminating colon.
The following is the same entry as above, broken into multiple lines:
jones:u_name=jones:u_id#16:\
	:u_pwd=a78/a1.eitfn6:\
	:u_lock@:chkent:
Multiple entries are separated by a new line that is not preceded by a continuation character. For example:
smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:
jones:u_name=jones:u_id#76:u_maxtries#5:u_retired:chkent:
Each entry is referenced by the key followed by the colon (:).
At the end of each entry is the chkent field. The "chkent:" string indicates that the entry is complete. This is used as an integrity
check on each entry by the programs that read the databases.
The field names, or capabilities, begin with an identifying prefix that depends upon the database type. The following list of prefixes
also lists the reference page that explains the associated database:
t_ Terminal control database field. See the ttys(4) reference page.
u_ User profile (protected password) database field. See the prpasswd(4) reference page.
v_ Device assignment database field. See the devassign(4) reference page.
d_ System default database field. Note that the system default database can contain fields with any of the above prefixes. See the
default(4) reference page.
Fields can have numeric, Boolean, or string values:
Numeric Numeric fields take the form fieldname#number, where number is a decimal number, an octal number (indicated by a leading 0), or a
hexadecimal number (indicated by a leading 0X).
Boolean Boolean fields take the form fieldname for true or fieldname@ for false.
String String fields take the form fieldname=string, where string is 0 (zero) or more characters. To include the backslash (\) or colon
(:) characters in a string, surround them with the backslash (\) character.
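As an added example (not part of this reference page or of the Enhanced Security software), the following Python parser reads entries in the format described above: it rejoins backslash-continued lines, splits on unescaped colons, gives numeric, Boolean and string fields their typed values, and rejects any entry not terminated by chkent:. It assumes that a backslash escapes the single character that follows it; the sample entries are constructed from the ones shown on this page.

```python
# Constructed sample in authcap(4) layout: a continued entry (trailing backslash, tab + extra colon) and a one-line entry.
AUTHCAP_SAMPLE = "\n".join([
    "jones:u_name=jones:u_id#16:\\",
    "\t:u_pwd=a78/a1.eitfn6:\\",
    "\t:u_lock@:chkent:",
    "smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:"])

def logical_entries(text):
    # Rejoin continuation lines: drop the trailing backslash, then the next line's leading tab and extra colon.
    entries, cur = [], ""
    for line in text.splitlines():
        cur += line.lstrip("\t ").removeprefix(":") if cur else line
        if cur.endswith("\\"):
            cur = cur[:-1]              # more of this entry follows on the next line
            continue
        if cur.strip():
            entries.append(cur)
        cur = ""
    return entries + ([cur] if cur else [])   # dangling continuation: the chkent check rejects it

def split_fields(entry):
    # Split on unescaped colons; a backslash keeps the next ':' or '\' literal (assumed escape rule).
    fields, cur, chars = [], "", iter(entry)
    for ch in chars:
        if ch == ":":
            fields, cur = fields + [cur], ""
        else:
            cur += next(chars, "") if ch == "\\" else ch
    return fields + [cur]

def parse_field(field):
    # name#number (0X hex, leading-0 octal, else decimal); name@ -> False; name=string; bare name -> True.
    i = min((field.find(c) for c in "=#@" if c in field), default=len(field))
    name, sep, rest = field[:i], field[i:i + 1], field[i + 1:]
    if not name.replace("_", "a").isalnum() or (sep in ("", "@") and rest):
        raise ValueError("malformed field %r" % field)
    if sep == "#":
        base = 16 if rest[:2].upper() == "0X" else 8 if rest.startswith("0") and rest != "0" else 10
        return name, int(rest[2:] if base == 16 else rest, base)
    return name, rest if sep == "=" else sep != "@"

def parse_entry(entry):
    # Key, field/value pairs, then the 'chkent:' integrity terminator; presence in the dict plays the role of the flag bit.
    fields = split_fields(entry)
    if len(fields) < 3 or fields[-2:] != ["chkent", ""]:
        raise ValueError("entry not terminated by 'chkent:': %r" % entry)
    return fields[0], dict(parse_field(f) for f in fields[1:-2])

def parse_authcap(text):
    return dict(parse_entry(e) for e in logical_entries(text))
```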
File Locking
All databases use a lock file, the existence of which means that the file is currently being rewritten. Occasionally, the files remain
after a system crash and must be removed manually. The lock file is formed by appending :t to the database file name.
Fields and Flags
A program reads a database entry as a structure composed of two sub-structures: a field sub-structure and a flag sub-structure. Each
sub-structure has one member for each potential field. A one-bit flag indicates the presence or absence of its corresponding field in a
particular entry. The field structure contains the field values (for example, a number, a Boolean flag, a directory string, or a mask).
FILES
/tcb/files/auth.db
Protected password database for UIDs from 0 to 99.
/var/tcb/files/auth.db
Protected password database for UIDs 100 and up.
Contains the global system settings database.
RELATED INFORMATION
Functions: getprpwent(3), getdvagent(3), getprdfent(3), getprtcent(3), getprfient(3)
Files: default(4), devassign(4), files(4), prpasswd(4), ttys(4)