edauth(8) System Manager's Manual edauth(8)
edauth - edit user auth entry
The command is an authorization editor. creates a temporary file with an ASCII representation of the current database entry for the user
specified by username and then invokes an editor on the file. You can then modify the user's fields. Upon leaving the editor, reads the
temporary file and modifies the binary database to reflect the changes made. If there are errors in the temporary file will allow the user
to resume editing the file to fix them.
The editor invoked is unless the environment variable EDITOR specifies otherwise. Here is an example of the temporary file produced by
uid = 268
password = MXP3BnKLEWW960BEJc9DbHb6
passlifemin = 1 hour
passlifemax = 60 days
passmod = 12/20/89 - 10:24:38
authmask = login,change_password,enter_password
fail_count = 0
audit_id = 268
audit_control = or
audit_syscalls = creat,unlink
audit_tevents = login:0:1
Each field of the entry is represented as a keyword followed by an equals sign. The value part of the field may be an integer, a string, a
time specification, a date, or a comma-separated list of value keywords. The effect of the field is described in
The and fields expect integer values.
The field is a string containing the encrypted password. One way of disabling an account is to set this to a non-empty string less than 24
characters in length such as `nologin'.
The and fields specify the password expiration information. They may contain an integer specifying seconds, or a combination of scaled val-
ues. The units recognized for scaling are and Only the first letter of the unit need be supplied. A of one day, one hour and five minutes
could be specified as any of:
passlifemax = 1 day 1 hour 5 minutes
passlifemax = 25 h 5 m
passlifemax = 90300 seconds
passlifemax = 90300
in addition to other combinations.
The field is a date. It is specified in the same format as the default output of the ULTRIX command. The time portion is optional and
defaults to the beginning of the day.
The and fields expect a comma-separated list of value tokens. For this is zero or more of and For the audit information this corresponds to
the name of the audit event. See the manpage for more information on audit events.
The field may be one of or See the manpage for more information on the affect of these values.
Only the superuser can edit entries.
Changing the entry will not affect the uid and audit information of existing login sessions.
If the uid field of the entry is changed the mapping to the file will be affected. Changes to the passwd file will probably be necessary.
Various messages about incorrect input. All are self-explanatory.
Contains all authorization information
Maps usernames to UIDs
audcntl(2), auth(5), auditmask(8), getauth(8), vipw(8)
Security Guide for Administrators