AUTHCAP(F) UNIX System V
Name
authcap - authentication database
Syntax
/etc/auth/*
/tcb/files/auth/*
Description
The database contains authentication and identity
information for users, kernels, and TCB files as well as
system-wide parameters. It is intended to be used by
programs to interrogate user and system values, as well as
by authentication programs to update that information.
Structure of the Hierarchies
The complete database resides in two hierarchies:
/tcb/files/auth and /etc/auth. The first hierarchy deals
with user-specific files and has single-letter subdirectories,
each named for the starting letter of a user name.
Within each of these directories are regular files, each
containing an authcap(F) format file for a particular user.
Thus, all user names beginning with x have their respective
authentication and identity information in a file in
directory /tcb/files/auth/x.
The directories within /etc/auth contain system-wide
information. The global system settings reside in the
/etc/auth/system directory. The subsystem authorizations
associated with each protected subsystem (a protected
subsystem is privileged but does not require global
authority to perform actions) are located in the
/etc/auth/subsystems directory.
The following database files are contained in the system
directory:
    default      Default Control
    files        File Control
    ttys         Terminal Control
    authorize    Primary and Secondary Authorization Control File
    devassign    Device Assignment
A subsystem file name is the group name associated with the
protected subsystem. The owner of all files is auth and the
group is the group of the subsystem. Only the owner and
group of this file may view the contents. The file
dflt_users lists the users granted default subsystem
authorizations.
Format of a File
Each data file in the hierarchy, whether system-wide or
user-specific, has the same format. Each user file consists
of one virtual line, optionally split into multiple physical
lines with the `\' character present at the very end of all
lines but the last. For instance, the line
    blf:u_name=blf:u_id#16:u_encrypt=a78/a1.eitfn6:u_type=sso:chkent:
may be split into:
    blf:u_name=blf:u_id#16:\
    :u_encrypt=a78/a1.eitfn6:\
    :u_type=sso:chkent:
Note that all capabilities must be immediately preceded and
followed by the `:' separator; multiple-line entries
require additional separators, one more per line. Multiple
entries are separated by a newline:
    drb:u_name=drb:u_id#75:u_maxtries#9:u_type=general:chkent:
    blf:u_name=blf:u_id#76:u_maxtries#5:u_type=general:chkent:
For subsystem files, the file is a set of lines, each
containing a user name terminated by a colon, followed by a
comma-separated list of primary and secondary authorizations
defined for that subsystem.
Format of a Line
The format of a line (except for subsystem files) is briefly
as follows:
    name|alt name(s)|description:cap1:cap2:cap3:...:capn:chkent:
The entry can be referenced by the name or any of the
alternate names. A description field may document the
entry. The entry name(s) and description are separated by
the `|' character. The end of the name/description part of
the entry is terminated by the `:' character. Alternate
names and the description fields are optional.
At the end of each entry is the chkent field. This is used
as an integrity check on each entry. The authcap(S)
routines will reject all entries that do not have chkent at
the very end.
Each entry has 0 or more capabilities, each terminated with
the `:' character. Each capability has a unique name.
Numeric capabilities have the format:
    id#num
where num is a decimal or (0 preceded) octal number.
Boolean capabilities have the format:
    id
or
    id@
where the first form signals the presence of the capability
and the second form signals the absence of the capability.
String capabilities have the format:
    id=string
where string is 0 or more characters. The `\' and `:'
characters are escaped as `\\' and `\:' respectively.
Although it is not recommended, the same id may be used for
different numeric, boolean, and string capabilities.
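A small reader for the entry format described above, given as an added example (it is not the authcap(S) routines and not code from this page). It joins continuation lines, splits on unescaped `:' separators, decodes the three capability forms, and rejects entries that lack chkent at the very end. The function names, the drb and bad sample entries, and the tolerance for indentation on continuation lines are assumptions.

```python
import re

CAP = re.compile(r"(\w+)(?:([#=])(.*)|(@))?$", re.S)  # id#num | id=string | id | id@

def split_fields(line):  # split on unescaped ':' and decode the escapes \\ and \:
    fields, cur, i = [], "", 0
    while i < len(line):
        esc = line[i] == "\\" and line[i + 1:i + 2] in ("\\", ":")
        if line[i] == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += line[i + esc]
        i += 1 + esc
    return fields, cur  # cur holds any text after the final ':'

def parse_entry(line):
    fields, rest = split_fields(line)
    caps = [f for f in fields[1:] if f]  # joined lines leave empty '::' fields
    if rest or not caps or caps[-1] != "chkent":
        raise ValueError("no chkent at the very end")
    entry = {"names": fields[0].split("|"), "num": {}, "bool": {}, "str": {}}
    for cap in caps[:-1]:
        m = CAP.match(cap)
        if not m or (m[2] == "#" and not m[3].isdigit()):
            raise ValueError("malformed capability " + cap)
        if m[2] == "#":  # a leading 0 means octal
            entry["num"][m[1]] = int(m[3], 8 if m[3][0] == "0" else 10)
        elif m[2] == "=":
            entry["str"][m[1]] = m[3]
        else:  # 'id' marks presence, 'id@' marks absence
            entry["bool"][m[1]] = m[4] is None
    return entry

def parse_authcap(text):
    # A trailing '\' continues the entry; skipping indent after it is an assumption.
    joined = re.sub(r"\\\n[ \t]*", "", text)
    good, rejected = [], []
    for line in filter(None, joined.splitlines()):
        try:
            good.append(parse_entry(line))
        except ValueError as exc:
            rejected.append((line.split(":")[0], str(exc)))
    return good, rejected

# Constructed sample: the page's blf entry, one entry using every form, one without chkent.
SAMPLE = r"""blf:u_name=blf:u_id#16:\
:u_encrypt=a78/a1.eitfn6:\
:u_type=sso:chkent:
drb|dave:u_id#075:u_lock@:u_note=a\:b\\c:u_id=x:chkent:
bad:u_name=bad:u_id#9:"""
```

Capabilities are kept in separate tables per type because the same id may legally appear as a numeric, boolean, and string capability; parse_authcap(SAMPLE) returns the accepted entries and a list of rejected entry names with the reason.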
See Also
getprpwent(S), getdvagent(S), getprtcent(S), getprfient(S)
Value Added
authcap is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 2/15/90) AUTHCAP(F)