authsh(ADM)                    19 June 1992                    authsh(ADM)

Name

    authsh - administrator interface for authorization subsystem

Syntax

    /usr/lib/sysadm/authsh

Description

    authsh is the screen interface invoked by the sysadmsh(ADM) Accounts
    selection to administer the authorization subsystem. It is a full
    screen menu-driven interface that provides the functions necessary to
    control the generation and maintenance of user and system passwords,
    the terminal database configuration, terminal and account locking, and
    the generation of administrator reports on system activity.

    The functions supported by the main level menu are:

    User      This category of screen interfaces is provided for the setup
              and maintenance of user accounts and user account passwords.
              The screens are used to add, update, display, and delete user
              accounts from the system. Also, modifications to user account
              passwords or modifications to the various criteria
              controlling the generation of account passwords are
              accomplished using this menu option.

    Defaults  These options are provided for the maintenance of system-wide
              parameters like default privileges, password expiration,
              password lifetime, single-user password requirement,
              restrictive password generation, and the delay time between
              login attempts. These parameters apply on a global system
              basis rather than a user account basis.

    Terminal  The terminal database interface screens are used for the
              maintenance of the database entries to support the addition,
              deletion, and update of terminal information. Additionally,
              this category includes the necessary screens for setting and
              clearing locks on specific terminals.

    Report    This category provides the administrator with a method of
              generating various reports on system activity. Report types
              include password database, terminal database, and login
              activity reports.

    Check     This option provides the administrator with a consistency
              check on databases (protected password, terminal control
              database, and subsystem database) and the password file
              (/etc/passwd). The password check returns system account
              warning messages. This option is not normally used.

See also

    passwd(C)

    "Maintaining system security" chapter of the System Administrator's
    Guide

Files

    /etc/group
    /etc/passwd
    /tcb/files/auth/[a-z]*
    /etc/auth/subsystems/*
    /etc/auth/system/*
    /etc/default/authsh

/etc/default/authsh fields

    The field values of /etc/default/authsh are:

    LOGINGROUP      Name of default login group. Must exist in /etc/group.

    OTHERGROUPS     List of groups the user is to be a member of. Each
                    group listed must exist in /etc/group. The LOGINGROUP
                    does not need to be included in this list. The groups
                    in the list may be separated by commas ( , ) or spaces.

    SHELL           Name of default login shell, either the name of a shell
                    defined in /usr/lib/mkuser, or the full pathname of an
                    executable file. Note that the empty name is legal but
                    is not equivalent to either sh or /bin/sh.

    HOMEDIR         Default absolute pathname of parent directory of user's
                    home directory. The home directory itself has the same
                    name as the user. This parent directory must be r/w/x
                    by group auth.

    HOMEMODE        Default permissions for the user's home directory. Note
                    that both HOMEDIR and HOMEMODE default settings can be
                    overridden on a shell-specific and/or path-specific
                    basis.

    USERTYPE        Default type of user:

                    Individual
                        Individual's personal account, used by one person,
                        and one person only.

                    Operator
                    Administrator
                    Security Officer
                        Various classifications of accounts potentially
                        used by more than one individual.

                    Pseudo-user
                        Anonymous account never directly used by a user.

                    All user types except Individual must have an
                    associated account which is allowed to su(C) to the
                    user.

    UID             MINADMINUID to MAXADMINUID, inclusive: UID values the
                    administrator may choose.

                    MINSUGGESTUID to MAXSUGGESTUID, inclusive: UID values
                    the system may suggest.

                    Note that UIDs less than 200 are reserved and should
                    not be used.

    GID             Similar to UID ranges. Note that GIDs less than 100 are
                    reserved and should not be used.

    MIN_USER_NAME   Minimum length of an acceptable user name (default: 3
                    characters).

    MAX_USER_NAME   Maximum acceptable length of a user name (default: 8
                    characters).

    MIN_GROUP_NAME  Minimum length for a group name (default: 3
                    characters).

    MAX_GROUP_NAME  Maximum length for a group name (default: 8
                    characters).

Note

    Invoking authsh(ADM) is not recommended; use the sysadmsh(ADM) Accounts
    selection.

Value added

    authsh is an extension of AT&T System V provided by The Santa Cruz
    Operation, Inc.
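
Added example (not part of the original manual page and not SCO code): a shell pre-check of a proposed account against the constraints documented above, namely the user name length defaults, the reserved UID range below 200, and the requirement that LOGINGROUP and every OTHERGROUPS entry exist in the group file. The function names, the RESERVED_UID_BELOW variable and the sample group file are assumptions made for illustration.

```shell
# Limits taken from the defaults documented on this page.
MIN_USER_NAME=3
MAX_USER_NAME=8
RESERVED_UID_BELOW=200   # hypothetical name; UIDs below this are reserved

# group_exists NAME GROUP_FILE: succeeds if NAME is the first field of a line.
group_exists() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# check_new_account NAME UID LOGINGROUP OTHERGROUPS GROUP_FILE
# Prints one line per problem; returns 0 only when no problem is found.
check_new_account() {
    name=$1; uid=$2; logingroup=$3; othergroups=$4; groupfile=$5
    problems=0
    len=${#name}
    if [ "$len" -lt "$MIN_USER_NAME" ] || [ "$len" -gt "$MAX_USER_NAME" ]; then
        echo "name length $len outside $MIN_USER_NAME..$MAX_USER_NAME"
        problems=1
    fi
    case $uid in
        ''|*[!0-9]*)
            echo "uid '$uid' is not a number"; problems=1 ;;
        *)
            if [ "$uid" -lt "$RESERVED_UID_BELOW" ]; then
                echo "uid $uid is in the reserved range"; problems=1
            fi ;;
    esac
    if ! group_exists "$logingroup" "$groupfile"; then
        echo "login group $logingroup not in group file"; problems=1
    fi
    # OTHERGROUPS entries may be separated by commas or spaces.
    for g in $(printf '%s' "$othergroups" | tr ',' ' '); do
        if ! group_exists "$g" "$groupfile"; then
            echo "other group $g not in group file"; problems=1
        fi
    done
    return $problems
}

# Constructed sample group file so the block runs stand-alone.
demo_groups=$(mktemp)
printf 'group:x:50:\nauth:x:21:\n' > "$demo_groups"
check_new_account jo 150 group "auth,staff" "$demo_groups" || true
rm -f "$demo_groups"
```

The check only reads the group file it is given, so it can be run against a copy of /etc/group before an account is created through the sysadmsh(ADM) Accounts selection.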