AUTHCK(ADM) UNIX System V
Name
authck - checks internal consistency of Authentication
database
Syntax
/tcb/bin/authck [ -p ][ -t ][ -a ][ -s [ -n | -y ]][ -v ]
Description
authck checks both the overall structure and internal field
consistency of all components of the Authentication
database. It reports all problems it finds. The options
and tests are as follows:
-p Check the Protected Password database. A number of
tests are performed. The Protected Password database
and /etc/passwd are checked for completeness such that
neither contains entries not in the other. Once this
is done, the fields common to the Protected Password
database and /etc/passwd are checked to make sure they
agree. Then, fields in the Protected Password database
are checked for reasonable values. For instance, all
time stamps of past events are checked to make sure
they have times less than that returned by time(S).
-t The fields in the Terminal Control database are checked
for reasonable values. All time stamps of past events
are checked to make sure they have times less than
returned by time.
-s The Protected Subsystem database files are checked to
ensure they correctly reflect the subsystem
authorization entries in the Protected Password
database. Each name listed in each subsystem file is
verified against the Protected Password entry with the
same name, so that no authorization is inconsistent
between the files. Also, each Protected Password entry
is scanned to ensure that all the privileges listed do
in fact get reflected in the Protected Subsystem
database. If any inconsistencies are found and neither
the -n or -y flags have been given, the administrator
is asked whether authck should repair the Subsystem
database. The -y flag makes authck repair the database
without asking first and the -n flag makes authck abort
the repair phase.
-a This option is shorthand for turning on all the -p, -t,
and -s, options.
-v This options provides running diagnostics as the
program proceeds. It also produces warnings on events
that should not occur but otherwise do not harm the
Authentication database and the routines operating on
it.
Files
/etc/passwd - System password file
/tcb/files/auth/?/* - Protected Password database
/etc/auth/system/ttys - Terminal Control database
/etc/auth/system/files - File Control database
/etc/auth/subsystems/* - Protected Subsystem database
/etc/auth/system/default - System Defaults database
See Also
integrity(ADM), getprpwent(S), getprtcent(S), getprfient(S),
getprdfent(S), authcap(F), subsystem(S), ``Maintaining
System Security'' chapter of the System Administrator's
Guide
Notes
authck requires the invoking user to be root or have the
auth subsystem authorization. The chmod kernel
authorization is also required for authck to repair the
subsystem databases.
Value Added
authck is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 1/7/91) AUTHCK(ADM)