⇒ prpwd(4) — Digital UNIX 3.2c
prpasswd(4)  —  File Formats

NAME

prpasswd, prpwd − Protected password authentication database files (Enhanced Security)

DESCRIPTION

An authentication profile is maintained for each user on the system. A user profile is kept in a protected password database file that is accessible only to trusted programs acting on behalf of the trusted computing base (TCB). The protected password database files contain, among other things, the encrypted password for the user account. On a trusted system, the encrypted password must be hidden from untrusted users.

The protected password database files do not eliminate the need for the /etc/passwd and the /etc/group files. Users must be defined in the passwd file in order to use the system. The protected password database file for a user contains the user name and user ID to provide a correlation to the user’s /etc/passwd entry.  There must be a match or the user account is treated as invalid. 

Protected password database files are maintained in the /tcb/files/auth hierarchy. This directory contains other directories, each named with a single letter from the alphabet. User authentication profiles are stored in these directories based on the first letter of the user account name. The name of a protected password database file is the user name, not prpasswd. This enables an efficient search operation to locate the file for a specific user name. For instance, the authentication profile for the root account is located in the /tcb/files/auth/r directory and can be accessed by opening the file /tcb/files/auth/r/root.

Each file defines a user’s authentication profile by specifying values that are interpreted by trusted programs acting as part of the TCB. Fields defined in a file are user-specific values and are used before a system default value for the same field is used.  Trusted programs check first for the existence of user-specific parameters before using a system default value. 

A protected password database file contains keyword field identifiers and depending on the field type a value for that field (certain field types do not require an explicit value).  The exact syntax for field specifications is consistent for all authentication databases and is described in the authcap(4) reference page.  The keyword field identifiers supported by the protected password database file and their associated functions are as follows:

u_name
This is the user name for the account. The string must match the name of the file and a user name in a corresponding /etc/passwd entry.

u_id
This is the user ID for the account. The number must match the user ID field of the corresponding /etc/passwd entry.

u_pwd
This field contains the encrypted password string for the account if the account has a password.

u_priority
This is a priority number used by authentication programs to modify the nice value of a login process for the user (see the setpriority(2) reference page).

u_auditcntl
This field is the numeric value corresponding to SET_PROC_ACNTL. This number is used in conjunction with the u_auditmask mask.

u_auditmask
This field consists of a comma-separated list of audit event names. The events are the same as those specified in the auditmask(8) reference page. An entry of u_auditmask=all specifies all system calls and trusted events.

u_minchg
This field specifies the minimum password change time in seconds. If the number is nonzero, the password cannot be changed until the specified number of seconds have passed since the last successful password change, unless the person changing the password is authorized to override this constraint.

u_maxlen
The number in this field specifies the maximum length of the user account password and should be less than the system-wide maximum value defined by the <prot.h> constant AUTH_MAX_PASSWD_LENGTH.

u_minlen
The number in this field specifies the minimum length of the user account password. If the field is zero, a dynamic value is calculated as defined in the Green Book.

u_exp
The number in this field is a time_t value that specifies how long after a successful change the account password expires. When a password expires, system authentication programs request that the password be changed when the user logs in to the system. If the password lifetime (u_life) is reached before the password is changed, the account is locked.

u_life
The number in this field is a time_t value that specifies the lifetime of a password. If this time interval is reached, the account is locked and can only be unlocked by an authorized system administrator.

u_succhg
The time in this field is a time_t value that indicates the time of the last successful password change. This field should only be set by programs that can be used to change the account password.

u_unsucchg
The time in this field is a time_t value that indicates the time of the last unsuccessful password change. This field should only be set by programs that can be used to change the account password.

u_pickpw
This field controls the ability of the user to pick a password for the account. A :u_pickpw: entry indicates that the user can pick his own password; a :u_pickpw@: entry indicates that he cannot. This permits an account to be configured so that a user cannot pick a password but instead has a password generated by the system.

u_genpwd
This field controls the ability of a user to generate a password for the account. A :u_genpwd: entry indicates that the system will generate the password for the user; a :u_genpwd@: entry indicates that the user can pick his own password. The system is capable of generating passwords containing random words.

u_restrict
This field controls whether password triviality checks are performed on any user-selected passwords. A :u_restrict: entry indicates that triviality checks are performed; a :u_restrict@: entry indicates they are not performed. Triviality checks include verifying that the password is not a login or group name, a palindrome, or a word recognized by the spell program. See the acceptable_password(3) reference page for more information on triviality checks for passwords.

u_nullpw
This field controls the ability of the user to choose a null password for the account. A :u_nullpw: entry indicates a null password can be chosen; a :u_nullpw@: entry indicates that it cannot.

u_pwchanger
This field is a string representing the user name of the last person to change the account password if that user was not the account's owner. This is used to warn the user at login time that the account password has been changed, possibly without the knowledge of the user.

u_genchars
This field controls the ability of the user to generate random characters for a password. A :u_genchars: entry indicates that the user can generate passwords made up of random characters; a :u_genchars@: entry indicates that he cannot.

u_genletters
This field controls the ability of the user to generate random letters for a password. A :u_genletters: entry indicates that the user can generate passwords made up of random letters; a :u_genletters@: entry indicates that he cannot.

u_pwdepth
This field is a number (0 to 9) representing the number of old encrypted passwords to keep to prevent reuse of previously used passwords.

u_pwdict
This field is a comma-separated list of strings representing the old encrypted passwords. The length of the list is determined by u_pwdepth.

u_oldcrypt
This field is the algorithm number used to encrypt the current password.

u_newcrypt
This field is the algorithm number used to encrypt future passwords.

u_tod
This field is a string that contains a comma-separated list of time-of-day specification entries that control when the user account can be used for login.

u_suclog
The time in this field is a time_t value that contains the system time of the last successful login to the account.

u_unsuclog
The time in this field is a time_t value that contains the system time of the last unsuccessful login to the account.

u_suctty
This field is a character string that identifies the name of the terminal associated with the last successful login to the account.

u_numunsuclog
This field contains a number indicating the number of unsuccessful login attempts to the account. This field is reset when a successful login to the account occurs. If a login is attempted during the time period from u_unsuclog to u_unsuclog plus u_unlock, and u_numunsuclog is not less than u_maxtries, the login is refused. (This check is suppressed if the u_maxtries field is set to zero.)

u_unsuctty
This field is a character string that identifies the name of the terminal associated with the last unsuccessful login attempt to the account.

u_maxtries
The number in this field specifies the maximum number of consecutive unsuccessful login attempts to the account that are permitted until the account is locked. Setting this field to 0 prevents the account from being disabled because of retry failures. In this case, u_numunsuclog is incremented but not checked.

u_retired
This field indicates whether the account is retired or not. An account that has been retired cannot be used for any purpose. A :u_retired: entry indicates that the account is retired; a :u_retired@: entry indicates that it is not.

u_lock
This field is used to administratively lock an account. A :u_lock: entry indicates that the account is locked; a :u_lock@: entry indicates that it is not. A user cannot log in to a locked account. An account can also be locked by other means. See getprpwent(3) for more information on locks.

u_unlock
This field is a number indicating the time in seconds to wait before unlocking the account after an unsuccessful login attempt (u_unsuclog).

u_policy
This field is used to control whether the /tcb/bin/pwpolicy file is consulted for validating password changes. A :u_policy: entry indicates that the /tcb/bin/pwpolicy file is consulted; a :u_policy@: entry indicates that it is not.

u_expdate
The actual time, of type time_t, at which the account is set to expire.

The getprpwent routines are used to parse the protected password database files into a prpasswd structure that can be used by programs. A flag in the structure indicates whether a particular field in the structure (and hence the corresponding field in the file) is defined. System default values are also provided in the structure. These values are derived from the /etc/auth/system/default file and can be used by programs in the absence of a user-specific value.

EXAMPLES

The following example shows a typical protected password database file:

perry:u_name=perry:u_id#101:\
        :u_pwd=aZXtu1kmSpEzm:\
        :u_minchg#0:u_succhg#653793862:u_unsucchg#622581606:u_nullpw:\
        :u_suclog#671996425:u_suctty=tty1:\
        :u_unsuclog#660768767:u_unsuctty=tty1:\
        :u_maxtries#3:chkent:

This protected password database file is for the user perry.  The user ID for perry is 101.  This value must match the /etc/passwd entry for this user. The account has a password and its encrypted form is specified by the u_pwd field. 

The database file specifies a minimum password change time of 0, indicating that the password can be changed at any time. Furthermore, the account is permitted to have a null password. The account has a maximum consecutive unsuccessful login threshold of 3: once three consecutive attempts have failed, further logins are refused for the u_unlock period following the last failure (see u_numunsuclog above). Since u_unlock is not set in this file, the system default from /etc/auth/system/default applies. The remaining fields record the last successful and unsuccessful password change times as well as the last successful and unsuccessful login times and terminal names.
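The field syntax, the u_name/u_id cross-check against /etc/passwd, and the lockout and password-aging rules described above, as an added Python example (not Digital UNIX code and not the getprpwent(3) implementation). It parses the perry entry from EXAMPLES and evaluates those rules against it. The parser handles only the subset of authcap(4) syntax that appears on this page (no backslash escapes inside values); the DEFAULTS dictionary and the /etc/passwd line are constructed stand-ins for /etc/auth/system/default and the real passwd file.

```python
"""Added example: parse a prpasswd(4) entry and apply the checks the page
describes.  Not Digital UNIX code; assumptions are marked in comments."""
import os
from typing import Dict, Union

Field = Union[str, int, bool]

# Constructed input: the entry from the EXAMPLES section of this page.
SAMPLE_ENTRY = r"""perry:u_name=perry:u_id#101:\
        :u_pwd=aZXtu1kmSpEzm:\
        :u_minchg#0:u_succhg#653793862:u_unsucchg#622581606:u_nullpw:\
        :u_suclog#671996425:u_suctty=tty1:\
        :u_unsuclog#660768767:u_unsuctty=tty1:\
        :u_maxtries#3:chkent:
"""

# Constructed /etc/passwd line for the same account (GID, GECOS, home, shell assumed).
SAMPLE_PASSWD_LINE = "perry:*:101:20:Perry:/users/perry:/bin/sh"

# Assumed system defaults standing in for /etc/auth/system/default.
DEFAULTS = {"u_unlock": 600, "u_exp": 90 * 86400, "u_life": 180 * 86400,
            "u_maxtries": 5, "u_minchg": 0}


def profile_path(user: str, root: str = "/tcb/files/auth") -> str:
    """Profile file path: first letter of the user name is the subdirectory."""
    return os.path.join(root, user[0], user)


def parse_entry(text: str) -> Dict[str, Field]:
    """Parse the authcap(4) subset used on this page.

    Tokens are ':'-separated and backslash-newline continues a line.
      key=string -> str      key#number -> int
      key        -> True     key@       -> False (flag explicitly cleared)
    A field absent from the dict is undefined, so the default applies.
    """
    joined = text.replace("\\\n", "")
    tokens = [t.strip() for t in joined.strip().split(":")]
    fields: Dict[str, Field] = {"name": tokens[0]}
    for tok in tokens[1:]:
        if not tok:
            continue                      # empty token at a line join or the end
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        elif "#" in tok:
            key, val = tok.split("#", 1)
            fields[key] = int(val)
        elif tok.endswith("@"):
            fields[tok[:-1]] = False
        else:
            fields[tok] = True            # plain flag, including the chkent terminator
    return fields


def effective(fields: Dict[str, Field], defaults: Dict[str, Field]) -> Dict[str, Field]:
    """User-specific values take precedence over the system default values."""
    merged: Dict[str, Field] = dict(defaults)
    merged.update(fields)
    return merged


def matches_passwd(fields: Dict[str, Field], passwd_line: str) -> bool:
    """u_name must equal the entry/file name and the passwd name; u_id the passwd UID."""
    pw = passwd_line.split(":")
    return (fields.get("u_name") == fields["name"] == pw[0]
            and fields.get("u_id") == int(pw[2]))


def login_refused(f: Dict[str, Field], now: int) -> bool:
    """Retry lockout from u_numunsuclog/u_maxtries/u_unlock, plus admin and retired locks."""
    if f.get("u_retired") or f.get("u_lock"):
        return True
    maxtries = f.get("u_maxtries", 0)
    if maxtries == 0:                     # check suppressed; counter still increments
        return False
    window_start = f.get("u_unsuclog", 0)
    window_end = window_start + f.get("u_unlock", 0)
    return (f.get("u_numunsuclog", 0) >= maxtries
            and window_start <= now <= window_end)


def password_state(f: Dict[str, Field], now: int) -> str:
    """'ok', 'expired' (change demanded at login) or 'locked' (u_life reached)."""
    succhg = f.get("u_succhg", 0)
    life, exp = f.get("u_life", 0), f.get("u_exp", 0)
    if life and now >= succhg + life:
        return "locked"
    if exp and now >= succhg + exp:
        return "expired"
    return "ok"


def may_change_password(f: Dict[str, Field], now: int, authorized: bool = False) -> bool:
    """u_minchg: no change until that many seconds after the last successful change."""
    return authorized or now >= f.get("u_succhg", 0) + f.get("u_minchg", 0)


if __name__ == "__main__":
    f = effective(parse_entry(SAMPLE_ENTRY), DEFAULTS)
    print(profile_path(f["name"]), matches_passwd(f, SAMPLE_PASSWD_LINE))
    print(login_refused(dict(f, u_numunsuclog=3), f["u_unsuclog"] + 10),
          password_state(f, f["u_succhg"] + 1))
```

Two points worth noticing when running it: because the sample entry carries no u_numunsuclog, the retry check passes even though u_maxtries is 3, and because u_unlock is absent the refusal window comes entirely from the assumed default, which is exactly where a too-small system default would quietly neuter the lockout.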

FILES

/tcb/files/auth/[a-z]/*
Specifies the pathname of the protected password database files.

/etc/auth/system/default
The system default database that defines system-wide global parameters.

RELATED INFORMATION

Commands: login(1), passwd(1), auditmask(8), authck(8)

Functions: nice(3), acceptable_password(3), getprpwent(3)

Files:  authcap(4), default(4), group(4), passwd(4)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026