⇒ authcap(F) — OpenDesktop 1.0.0y


     AUTHCAP(F)                                 UNIX System V



     Name
          authcap - authentication database


     Syntax
          /etc/auth/*
          /tcb/files/auth/*


     Description
          The   database   contains   authentication   and    identity
          information  for  users,  kernels,  and TCB files as well as
          system-wide parameters.   It  is  intended  to  be  used  by
          programs  to  interrogate user and system values, as well as
          by authentication programs to update that information.

        Structure of the Hierarchies
          The  complete   database   resides   in   two   hierarchies:
          /tcb/files/auth  and  /etc/auth.   The first hierarchy deals
          with user-specific files, and has  one-letter  subdirectories,
          each  named  for  the  starting  letter  of  a  user  name.
          Within each of these directories  are  regular  files,  each
          containing  an authcap(F) format file for a particular user.
          Thus, all user names beginning with x have their  respective
          authentication   and  identity  information  in  a  file  in
          directory /tcb/files/auth/x.

          The  directories  within   /etc/auth   contain   system-wide
          information.   The  global  system  settings  reside  in the
          /etc/auth/system directory.   The  subsystem  authorizations
          associated   with  each  protected  subsystem  (a  protected
          subsystem  is  privileged  but  does  not   require   global
          authority   to   perform   actions)   are   located  in  the
          /etc/auth/subsystems directory.

          The following database files are  contained  in  the  system
          directory:

                    default        Default Control
                    files          File Control
                    ttys           Terminal Control
                    authorize      Primary and Secondary
                                   Authorization Control File
                    devassign      Device Assignment

          A subsystem file name is the group name associated with  the
          protected subsystem.  The owner of all files is auth and the
          group is the group of the subsystem.   Only  the  owner  and
          group  of  this  file  may  view  the  contents.   The  file
          dfltusers  lists  the  users  granted   default   subsystem
          authorizations.

        Format of a File
          Each data file in  the  hierarchy,  whether  system-wide  or
          user-specific, has the same format.  Each user file consists
          of one virtual line, optionally split into multiple physical
          lines  with the `\' character present at the very end of all
          lines but the last.  For instance, the line

          blf:u_name=blf:u_id#16:u_encrypt=a78/a1.eitfn6:u_type=sso:chkent:

          may be split into:

          blf:u_name=blf:u_id#16:\
                  :u_encrypt=a78/a1.eitfn6:\
                  :u_type=sso:chkent:

          Note that all capabilities must be immediately preceded  and
          followed  with  the  `:'  separator;   multiple line entries
          require additional ones  -  one  more  per  line.   Multiple
          entries are separated by a newline:

          drb:u_name=drb:u_id#75:u_maxtries#9:u_type=general:chkent:
          blf:u_name=blf:u_id#76:u_maxtries#5:u_type=general:chkent:

          For subsystem files, the  file  is  a  set  of  lines,  each
          containing  a user name terminated by a colon, followed by a
          comma-separated list of primary and secondary authorizations
          defined for that subsystem.

        Format of a Line
          The format of a line (except for subsystem files) is briefly
          as follows:

          name|alt name(s)|description:cap1:cap2:cap3:...:capn:chkent:

          The entry can be referenced  by  the  name  or  any  of  the
          alternate  names.   A  description  field  may  document the
          entry.  The entry name(s) and description are  separated  by
          the  `|' character.  The end of the name/description part of
          the entry is terminated by  the  `:'  character.   Alternate
          names and the description fields are optional.

          At the end of each entry is the chkent field.  This is  used
          as  an  integrity  check  on  each  entry.   The  authcap(S)
          routines will reject all entries that do not have chkent  at
          the very end.

          Each entry has 0 or more capabilities, each terminated  with
          the  `:'  character.   Each  capability  has  a unique name.
          Numeric capabilities have the format:

                 id#num

          where num  is  a  decimal  or  (0  preceded)  octal  number.
          Boolean capabilities have the format:

                 id

          or

                 id@

          where the first form signals the presence of the  capability
          and  the  second form signals the absence of the capability.
          String capabilities have the format:

                 id=string

          where string is 0 or  more  characters.   The  `\'  and  `:'
          characters  are  escaped  as  `\\'  and  `\:'  respectively.
          Although it is not recommended, the same id may be used  for
          different numeric, boolean, and string capabilities.
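
          The rules above, worked through as a small parser.  This is
          an added example, not SCO's authcap(S) code.  It assumes that
          whitespace at the start of a continuation line is ignored;
          load() and the x_* capability names are made up for the
          illustration.

```python
import re

CAP = re.compile(r"([^=#@]+)(?:=(.*)|#([0-9]+)|(@))?", re.S)  # id, id=str, id#num, id@

def split_fields(line):  # split on unescaped ':' and decode the two-character escapes
    fields, buf, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            buf, i = buf + line[i + 1], i + 2
        elif line[i] == ":":
            fields, buf, i = fields + [buf], "", i + 1
        else:
            buf, i = buf + line[i], i + 1
    return fields + [buf]

def parse_entry(line):
    fields = split_fields(line)
    if fields[-2:] != ["chkent", ""]:  # integrity check described on the page
        raise ValueError("entry does not end in ':chkent:'")
    caps = {"num": {}, "bool": {}, "str": {}}  # the same id may recur across types
    for field in filter(None, fields[1:-2]):  # skip the '::' left by joined lines
        if not (m := CAP.fullmatch(field)):
            raise ValueError("malformed capability: " + field)
        cid, s, n, absent = m.groups()
        if s is not None:
            caps["str"][cid] = s
        elif n is not None:
            caps["num"][cid] = int(n, 8 if n.startswith("0") else 10)
        else:
            caps["bool"][cid] = absent is None
    return fields[0].split("|"), caps

def load(text):
    text = re.sub(r"\\\n[ \t]*", "", text)  # assumption: continuation indent is ignored
    good, rejected = {}, []
    for line in filter(None, text.splitlines()):
        try:
            names, caps = parse_entry(line)
            good[names[0]] = caps
        except ValueError:
            rejected.append(line)
    return good, rejected

# blf is the page's example; tst and bad are constructed, with made-up x_* ids.
SAMPLE = r"""blf:u_name=blf:u_id#16:\
        :u_encrypt=a78/a1.eitfn6:\
        :u_type=sso:chkent:
tst|demo entry:x_str=a\:b\\c:x_oct#027:x_flag@:chkent:
bad:u_name=bad:u_id#9:"""
```

          load(SAMPLE) returns the blf and tst entries and puts the
          bad line, which has no trailing chkent, in the rejected list.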


     See Also
          getprpwent(S), getdvagent(S), getprtcent(S), getprfient(S)


     Value Added
          authcap is an extension of AT&T System  V  provided  by  the
          Santa Cruz Operation.


     (printed 8/23/89)                                  AUTHCAP(F)
