Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ authck(ADM) — OpenDesktop 3.0.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

authcap(F)

getprpwent(S)

getprtcent(S)

getprfient(S)

getprdfent(S)

integrity(ADM)

subsystem(S)


 authck(ADM)                     19 June 1992                     authck(ADM)


 Name

    authck - check internal consistency of authentication database

 Syntax

    /tcb/bin/authck [ -p ] [ -t ][ -a ][ -s [ -n | -y ]][ -v ]

 Description

    authck checks both the overall structure and internal field consistency
    of all components of the Authentication database.  It reports all prob-
    lems it finds.  The options and tests are as follows:

    -p   Check the Protected Password database.  A number of tests are per-
         formed.  The Protected Password database and /etc/passwd are checked
         for completeness such that neither contains entries not in the
         other.  Once this is done, the fields common to the Protected Pass-
         word database and /etc/passwd are checked to make sure they agree.
         Then, fields in the Protected Password database are checked for rea-
         sonable values.  For instance, all time stamps of past events are
         checked to make sure they have times less than that returned by
         time(S).

    -t   The fields in the Terminal Control database are checked for reason-
         able values.  All time stamps of past events are checked to make
         sure they have times less than returned by time.

    -s   The Protected Subsystem database files are checked to ensure they
         correctly reflect the subsystem authorization entries in the Pro-
         tected Password database.  Each name listed in each subsystem file
         is verified against the Protected Password entry with the same name,
         so that no authorization is inconsistent between the files.  Also,
         each Protected Password entry is scanned to ensure that all the
         privileges listed do in fact get reflected in the Protected Subsys-
         tem database.  If any inconsistencies are found and neither the -n
         or -y flags have been given, the administrator is asked whether
         authck should repair the Subsystem database.  The -y flag makes
         authck repair the database without asking first and the -n flag
         makes authck abort the repair phase.

    -a   This option is shorthand for turning on all the -p, -t, and -s,
         options.

    -v   This option provides running diagnostics as the program proceeds.
         It also produces warnings on events that should not occur but other-
         wise do not harm the Authentication database and the routines oper-
         ating on it.

 Files

    /etc/passwd                       System password file
    /tcb/files/auth/?/*               Protected Password database
    /etc/auth/system/ttys             Terminal Control database
    /etc/auth/system/files            File Control database
    /etc/auth/subsystems/*            Protected Subsystem database
    /etc/auth/system/default          System Defaults database

 See also

    authcap(F), getprpwent(S), getprtcent(S), getprfient(S), getprdfent(S),
    integrity(ADM), subsystem(S)

    ``Maintaining System Security'' chapter of the System Administrator's
    Guide

 Notes

    authck requires the invoking user to be root or have the auth subsystem
    authorization.  The chown kernel authorization is also required for
    authck to repair the subsystem databases.

 Value added

    authck is an extension of AT&T System V provided by The Santa Cruz Opera-
    tion, Inc.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026