Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ authsh(ADM) — OpenDesktop 3.0.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

passwd(C)


 authsh(ADM)                     19 June 1992                     authsh(ADM)


 Name

    authsh - administrator interface for authorization subsystem

 Syntax

    /usr/lib/sysadm/authsh

 Description

    authsh is the screen interface invoked by the sysadmsh(ADM) Accounts
    selection to administer the authorization subsystem. It is a full screen
    menu-driven interface that provides the functions necessary to control
    the generation and maintenance of user and system passwords, the terminal
    database configuration, terminal and account locking, and the generation
    of administrator reports on system activity.

    The functions supported by the main level menu are:

    User        This category of screen interfaces is provided for the setup
                and maintenance of user accounts and user account passwords.
                The screens are used to add, update, display, and delete user
                accounts from the system. Also, modifications to user account
                passwords or modifications to the various criteria
                controlling the generation of account passwords is accom-
                plished using this menu option.

    Defaults    These options are provided for the maintenance of system-wide
                parameters like default privileges, password expiration,
                password lifetime, single-user password requirement, restric-
                tive password generation, and the delay time between login
                attempts. These parameters apply on a global system basis
                rather than a user account basis.

    Terminal    The terminal database interface screens are used for the
                maintenance of the database entries to support the addition,
                deletion, and update of terminal information. Additionally,
                this category includes the necessary screens for setting and
                clearing locks on specific terminals.

    Report      This category provides the administrator with a method of
                generating various reports on system activity. Report types
                include password database, terminal database, and login
                activity reports.

    Check       This option provides the administrator with a consistency
                check on databases (protected password, terminal control
                database, and subsystem database) and the password file
                (/etc/passwd).  The password check returns system account
                warning messages.  This option is not normally used.

 See also

    passwd(C)

    ``Maintaining system security,'' chapter of the System Administrator's
    Guide

 Files

    /etc/group
    /etc/passwd
    /tcb/files/auth/[a-z]*
    /etc/auth/subsystems/*
    /etc/auth/system/*
    /etc/default/authsh

 /etc/default/authsh fields

    The field values of /etc/default/authsh are:

    LOGINGROUP       Name of default login group.  Must exist in /etc/group.

    OTHERGROUPS      List of groups the user is to be a member of.  Each
                      group listed must exist in /etc/group.  The LOGINGROUP
                      does not need to be included in this list.  The groups
                      in the list may be separated by commas ( , ) or spaces.

    SHELL             Name of default login shell, either the name of a shell
                      defined in /usr/lib/mkuser, or the full pathname of an
                      executable file.  Note that the empty name is legal but
                      is not equivalent to either sh or /bin/sh.

    HOMEDIR          Default absolute pathname of parent directory of user's
                      home directory.  The home directory itself has the same
                      name as the user.  This parent directory must be r/w/x
                      by group auth.

    HOMEMODE         Default permissions for the user's home directory.
                      Note that both HOMEDIR and HOMEMODE default settings
                      can be overridden on a shell-specific and/or path-spe-
                      cific basis.

    USERTYPE         Default type of user:

                      Individual     Individual's personal account, used by
                                     one person, and one person only.

                      Operator

                      Administrator

                      Security Officer
                                     Various classifications of accounts
                                     potentially used by more than one indi-
                                     vidual.

                      Pseudo-user    Anonymous account never directly used by
                                     a user.

    All user types except Individual must have an associated account which is
    allowed to su(C) to the user.

    UID               MINADMINUID to MAXADMINUID, inclusive:
                      UID values the administrator may choose.

                      MINSUGGESTUID to MAXSUGGESTUID, inclusive:
                      UID values the system may suggest.

                      Note that UIDs less than 200 are reserved and should
                      not be used.

    GID               Similar to UID ranges.

                      Note that GIDs less than 100 are reserved and should
                      not be used.

    MIN_USER_NAME     Minimum length of an acceptable user name (default: 3
                      characters).

    MAX_USER_NAME     Maximum acceptable length of a user name (default: 8
                      characters).

    MIN_GROUP_NAME    Minimum length for a group name (default: 3 charac-
                      ters).

    MAX_GROUP_NAME    Maximum length for a group name (default: 8 charac-
                      ters).

 Note

    Invoking authsh(ADM) is not recommended; use the sysadmsh(ADM) Accounts
    selection.

 Value added

    authsh is an extension of AT&T System V provided by The Santa Cruz Opera-
    tion, Inc.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026