authcap(4) — File Formats
NAME
authcap − Format of security databases (Enhanced Security)
DESCRIPTION
The security-relevant databases used by the enhanced security subsets include the user profile databases (and by extension their optional NIS map source files), the file control database, the terminal control and device assignment databases, and the system default database.
This reference page describes the location and general format of these databases. A specific reference page for each database describes its fields.
The user profile databases (sometimes referred to as the protected password database) reside in /tcb/files/auth.db and /var/tcb/files/auth.db. The /tcb/files/auth.db database contains information for UIDs from 0 to 99. The /var/tcb/files/auth.db database contains information for UIDs 100 and up.
All other databases reside in /etc/auth/system. These include:
default      System default database of global (or template) values for users and devices.
files        File control database
ttys.db      Terminal control database
devassign    Device assignment database
Files with .db extensions are in database format for efficiency. Others are ASCII files. All the databases can be manipulated by the edauth utility.
A file entry consists of a key followed by a colon (:), a set of field/value pairs each followed by a colon, and a terminator, chkent:. The following is an example of a user profile entry as a single, continuous line:
jones:u_name=jones:u_id#16:u_pwd=a78/a1.eitfn6:u_lock@:chkent:
For readability, an entry can optionally be split into multiple lines by inserting a backslash (\) character at the end of each line and an extra colon at the beginning of the continuation line. Continuation lines are indented by a tab character. The split cannot separate a field/value pair, including its terminating colon.
The following is the same entry as above, broken into multiple lines:
jones:u_name=jones:u_id#16:\
:u_pwd=a78/a1.eitfn6:\
:u_lock@:chkent:
Multiple entries are separated by a new line that is not preceded by a continuation character. For example:
smith:u_name=smith:u_id#75:u_maxtries#9:u_retired:chkent:
jones:u_name=jones:u_id#76:u_maxtries#5:u_retired:chkent:
Each entry is referenced by the key followed by the colon (:).
At the end of each entry is the chkent field. The "chkent:" string indicates that the entry is complete. This is used as an integrity check on each entry by the programs that read the databases.
The field names, or capabilities, begin with an identifying prefix that depends upon the database type. The following list of prefixes also lists the reference page that explains the associated database:
t_    Terminal control database field. See the ttys(4) reference page.
u_    User profile (protected password) database field. See the prpasswd(4) reference page.
v_    Device assignment database field. See the devassign(4) reference page.
d_    System default database field. Note that the system default database can contain fields with any of the above prefixes. See the default(4) reference page.
Fields can have numeric, Boolean, or string values:
Numeric    Numeric fields take the form fieldname#number, where number is a decimal number, an octal number (indicated by a leading 0), or a hexadecimal number (indicated by a leading 0X).
Boolean    Boolean fields take the form fieldname for true or fieldname@ for false.
String     String fields take the form fieldname=string, where string is 0 (zero) or more characters. To include the backslash (\) or colon (:) characters in a string, surround them with the backslash (\) character.
File Locking
All databases use a lock file, the existence of which means that the file is currently being rewritten. Occasionally, the files remain after a system crash and must be removed manually. The lock file is formed by appending :t to the database file name.
Fields and Flags
A program reads a database entry as a structure composed of two sub-structures: a field sub-structure and a flag sub-structure. Each sub-structure has one member for each potential field. A one-bit flag indicates the presence or absence of its corresponding field in a particular entry. The field structure contains the field values (for example, a number, a Boolean flag, a directory string, or a mask).
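The following reader and writer is an added example; it is not code from this reference page or from the system's own library routines (getprpwent(3) and friends). It implements the entry syntax described above (key, colon-separated field/value pairs, the chkent: terminator, backslash continuation lines with their extra leading colon), the three field types (numeric with decimal, octal and hexadecimal forms; Boolean with the trailing @ for false; string with backslash-escaped : and \), and returns each entry as the field/flag pair just described, a dictionary of values plus a set of presence flags. It reads the escaping rule as a backslash preceding the escaped character. AuthcapEntry, parse_authcap, format_entry and the u_note capability in the constructed sample are this example's own names.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple, Union

Value = Union[int, bool, str]


class AuthcapError(ValueError):
    """Entry is malformed or fails the chkent: integrity check."""


@dataclass
class AuthcapEntry:
    """Field sub-structure ('fields') plus per-field presence flags ('present')."""
    key: str
    fields: Dict[str, Value] = field(default_factory=dict)
    present: Set[str] = field(default_factory=set)


def _join_continuations(text: str) -> List[str]:
    """Merge continued lines, dropping each continuation's indent and leading ':'."""
    logical, buf, pending = [], "", False
    for raw in text.splitlines():
        line = raw
        if pending:
            line = raw.lstrip("\t ")
            if not line.startswith(":"):
                raise AuthcapError("continuation line must begin with ':'")
            line = line[1:]
        # An odd run of trailing backslashes is a continuation; an even run is
        # escaped backslashes that end a string value.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf, pending = buf + line[:-1], True
            continue
        buf, pending = buf + line, False
        if buf.strip():
            logical.append(buf)
        buf = ""
    if pending:
        raise AuthcapError("dangling continuation at end of input")
    return logical


def _split_fields(line: str) -> List[str]:
    """Split on unescaped ':'; a backslash makes the next character literal."""
    tokens, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == ":":
            tokens.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    tokens.append("".join(cur))  # empty string when the line ends with ':'
    return tokens


def _parse_number(text: str) -> int:
    """Decimal, octal (leading 0) or hexadecimal (leading 0x/0X)."""
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text[1:], 8)
    return int(text, 10)


_FIELD = re.compile(r"^([^#=@]+)(?:#(.*)|=(.*)|(@))?$")


def _parse_field(token: str) -> Tuple[str, Value]:
    m = _FIELD.match(token)
    if not m:
        raise AuthcapError(f"malformed field {token!r}")
    name, num, string, false_flag = m.groups()
    if num is not None:
        return name, _parse_number(num)
    if string is not None:
        return name, string
    return name, false_flag is None  # bare name is true, name@ is false


def parse_authcap(text: str) -> List[AuthcapEntry]:
    """Parse every entry, rejecting any that lacks the chkent: terminator."""
    entries = []
    for line in _join_continuations(text):
        tokens = _split_fields(line)
        if len(tokens) < 3 or tokens[-2:] != ["chkent", ""]:
            raise AuthcapError(f"entry {tokens[0]!r} lacks the chkent: terminator")
        entry = AuthcapEntry(key=tokens[0])
        for tok in tokens[1:-2]:
            name, value = _parse_field(tok)
            entry.fields[name] = value
            entry.present.add(name)
        entries.append(entry)
    return entries


def format_entry(entry: AuthcapEntry) -> str:
    """Write an entry back as one line, escaping ':' and '\\' inside strings."""
    parts = [entry.key]
    for name, value in entry.fields.items():
        if isinstance(value, bool):  # bool is an int subclass, so test it first
            parts.append(name if value else name + "@")
        elif isinstance(value, int):
            parts.append(f"{name}#{value}")
        else:
            parts.append(name + "=" + value.replace("\\", "\\\\").replace(":", "\\:"))
    return ":".join(parts + ["chkent"]) + ":"


# Constructed sample: the page's jones entry split across lines, plus a second
# entry exercising octal, hex and escaped characters. u_note is a made-up
# capability name used only to carry an escaped string value.
SAMPLE = (
    "jones:u_name=jones:u_id#16:\\\n"
    "\t:u_pwd=a78/a1.eitfn6:\\\n"
    "\t:u_lock@:chkent:\n"
    "smith:u_name=smith:u_id#075:u_maxtries#0x9:"
    "u_note=Smith\\: room 12\\\\b:u_retired:chkent:\n"
)
```

Running parse_authcap(SAMPLE) yields the jones entry with u_lock present and false, and the smith entry with u_id decoded from octal 075 to 61; format_entry(jones) reproduces the single-line form shown earlier on this page exactly, and an entry whose chkent: terminator is missing raises AuthcapError rather than being silently accepted, which is the integrity property the terminator exists to provide.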
FILES
/tcb/files/auth.db
Protected password database for UIDs from 0 to 99.
/var/tcb/files/auth.db
Protected password database for UIDs 100 and up.
/etc/auth/system/*
Contains the global system settings database.
RELATED INFORMATION
Functions: getprpwent(3), getdvagent(3), getprdfent(3), getprtcent(3), getprfient(3)
Files: default(4), devassign(4), files(4), prpasswd(4), ttys(4)