auth(5) File Formats Manual auth(5)Name
auth - auth database
Description
The database is a repository of security-relevant information about each user of the system. This database contains the encrypted password
associated with the user's account in addition to a list of assorted capabilities. The database is stored as an database in the files and
Records are retrieved with the library routine. Access to the database is restricted to the superuser and members of the group
Auth records may be converted to an ASCII representation whose format is:
1000:4KvidFYwovnwp3j8lll78dC1:1920129:3600:2678400:03:0:1000:0:00:00
The first field is the UID of the entry that is used as the key into the database. Then follows:
Encrypted Password
This is the user's encrypted password. Whether this password or the one from the file is actually used is determined by the
security level that the system is running at.
Password Modification Time
This is the time(2) the password was last set.
Minimum Password Lifetime
This is the minimum number of seconds which must elapse between setting passwords.
Maximum Password Lifetime
This is the maximum period of time for which the password will be valid.
Account Mask These are capabilities pertaining to the account itself. They are:
1 A_ENABLE: this account is enabled.
2 A_CHANGE_PASSWORD: The user can change his or her password.
4 A_ENTER_PASSWORD: The user is not required to use machine-generated passwords.
Login Failure Count
This is the count of unsuccessful login attempts since the last successful login.
Audit ID Positive integer identifier used in generating audit records for the user.
Audit Control See the reference page, SET_APROC_CNTL section for more information.
Audit Mask Determines which events will be audited for the user. See the and reference pages for more information.
Restrictions
Only the superuser and members of the group may read information from the auth database. Only the superuser may modify the auth database.
FilesSee Alsoaudcntl(2), getauthuid(3), getpwent(3), edauth(8)auth(5)
Check Out this Related Man Page
getauth(8) System Manager's Manual getauth(8)Name
getauth, setauth, rmauth - auth database maintenance
Syntax
getauth [username]
setauth
rmauth username
Description
The command takes as it's only argument a user name or UID. If a user name is supplied it is converted to a UID by searching through The
UID is then used to look up the users entry in the database. If an entry is found it is converted to an ASCII string with a syntax resem-
bling that of the passwd file and printed out as a single line. If no entry is found nothing is printed and an exit status of `1' is
returned.
# getauth username
1000:idvidfy8d:1920129:3600:2678400:0e:0:1000:0:00:00
The first field is the UID of the entry which is used as the key into the database. Then follows: the encrypted password, password modifi-
cation time, minimum password lifetime, maximum password lifetime, account mask, login failure count, audit ID, audit control, audit mask,
and a reserved field.
If the optional username argument is not supplied to getauth it will produce an output line for every entry in the auth database.
The command expects one or more lines from the standard input which must be of a form identical to that produced by the command. The com-
mand converts and stores these lines into the database, one entry per line, replacing any entry already existing for the given UID. By
piping the output of the command into the input of the command an expensive NOP can be produced:
# /usr/etc/sec/getauth | /usr/etc/sec/setauth
The command expects exactly one argument, the user name or UID of an auth entry to be deleted. If the entry is found it is erased and
deleted. If it is not found no action is taken and an exit status of 1 is returned.
Restrictions
Only the superuser and members of the group may read information from the auth database. Only the superuser may modify the auth database.
Diagnostics
An exit value of 0 indicates a successful operation. An exit status of 1 indicates the entry was not found on a lookup or deletion opera-
tion. Any other exit status indicates an error.
FilesSee Alsogetauthuid(3), getpwent(3), auth(5), edauth(8)
Security Guide for Administrators
getauth(8)