authck(ADM) 19 June 1992 authck(ADM) Name authck - check internal consistency of authentication database Syntax /tcb/bin/authck [ -p ] [ -t ][ -a ][ -s [ -n | -y ]][ -v ] Description authck checks both the overall structure and internal field consistency of all components of the Authentication database. It reports all prob- lems it finds. The options and tests are as follows: -p Check the Protected Password database. A number of tests are per- formed. The Protected Password database and /etc/passwd are checked for completeness such that neither contains entries not in the other. Once this is done, the fields common to the Protected Pass- word database and /etc/passwd are checked to make sure they agree. Then, fields in the Protected Password database are checked for rea- sonable values. For instance, all time stamps of past events are checked to make sure they have times less than that returned by time(S). -t The fields in the Terminal Control database are checked for reason- able values. All time stamps of past events are checked to make sure they have times less than returned by time. -s The Protected Subsystem database files are checked to ensure they correctly reflect the subsystem authorization entries in the Pro- tected Password database. Each name listed in each subsystem file is verified against the Protected Password entry with the same name, so that no authorization is inconsistent between the files. Also, each Protected Password entry is scanned to ensure that all the privileges listed do in fact get reflected in the Protected Subsys- tem database. If any inconsistencies are found and neither the -n or -y flags have been given, the administrator is asked whether authck should repair the Subsystem database. The -y flag makes authck repair the database without asking first and the -n flag makes authck abort the repair phase. -a This option is shorthand for turning on all the -p, -t, and -s, options. -v This option provides running diagnostics as the program proceeds. It also produces warnings on events that should not occur but other- wise do not harm the Authentication database and the routines oper- ating on it. Files /etc/passwd System password file /tcb/files/auth/?/* Protected Password database /etc/auth/system/ttys Terminal Control database /etc/auth/system/files File Control database /etc/auth/subsystems/* Protected Subsystem database /etc/auth/system/default System Defaults database See also authcap(F), getprpwent(S), getprtcent(S), getprfient(S), getprdfent(S), integrity(ADM), subsystem(S) ``Maintaining System Security'' chapter of the System Administrator's Guide Notes authck requires the invoking user to be root or have the auth subsystem authorization. The chown kernel authorization is also required for authck to repair the subsystem databases. Value added authck is an extension of AT&T System V provided by The Santa Cruz Opera- tion, Inc.