prpw(F) 06 January 1993 prpw(F) Name prpw - protected password authentication database files Format See authcap(F) Description An authentication profile is maintained for each user on the system. This profile is kept in a protected password database file that is accessible only to trusted programs acting on behalf of the TCB. The protected pass- word (prpw) database file contains the encrypted password for the user account. On a trusted system, this must be hidden from untrusted users. The protected password database files do not remove the need for the /etc/passwd and the /etc/group files. Users must be defined in the passwd file in order to use the system. The protected password database file for a user contains the user name and user ID as defined in the user's /etc/passwd entry. Protected password database files are maintained in a directory hierarchy below the /tcb/files/auth directory. This directory contains 26 directories, named for every letter in the alphabet. User authentication profiles are stored in these directories according to the first letter of the account name. For example, the authentication profile for the root account is located in the /tcb/files/auth/r directory and can be accessed by opening the file /tcb/files/auth/r/root. Changes to these files are normally made by selecting Accounts -> User in sysadmsh(ADM). A user's prpw file defines their authentication profile by specifying values to be interpreted by trusted programs instead of the system default value. (Trusted programs check for the existence of user specific parameters before using a system default value. See default(F).) The following keyword identifiers are supported: uauditcntl A comma separated list of audit event names (such as insuff_priv, proc_mod, or ob_create) that defines those audit events that are explicitly controlled by a disposi- tion mask for any process initiated by this user. Any event specified in this mask can be enabled or disabled for auditing regardless of the system audit mask. This provides a user specific audit control capability. Events not specified in this list will be subject to the system- wide audit disposition mask. This field is used in con- junction with the uauditdisp mask. uauditdisp A comma separated list of audit event names (such as insuff_priv, proc_mod, or ob_create) that defines which of those audit events specified in the audit control mask, uauditcntl, should always be audited. An event which appears in the control mask but not in this mask will never be audited for this user. ucmdpriv A comma separated list of subsystem authorization names that lists the subsystem authorizations in effect for the user. Subsystem authorizations for a user are not esta- blished by this field, but are instead derived from lists for each subsystem in the directory /etc/auth/subsystems. This field should match the definition of the user's sub- system authorizations in those files, although only the authck(ADM) trusted program checks this. uexp Defines the number of seconds after a successful password change until an account password expires. When a password expires, system authentication programs will request that the password be changed when the user logs into the sys- tem. ugenpwd This flag controls the ability of a user to use a password generated by the system for their account. uid The user ID for the account. This is the same as the user ID field of the corresponding /etc/passwd entry. ulife The lifetime of a password in seconds. If this time is exceeded, the account will be locked and can only be unlocked by an authorized system administrator. ulock This flag is used to lock an account. A user cannot login to a locked account. umaxlen The maximum length of generated passwords for the user account. umaxtries The maximum number of consecutive unsuccessful login attempts to the account that are permitted until the account is locked. uminchg The minimum password change time in seconds. If non-zero, the password cannot be changed until the specified number of seconds have passed since the last successful password change, unless the person changing the password is author- ized to override this constraint. uname The user name for the account. This should be the same as the name of the prpw file, and the user name from the cor- responding entry in /etc/passwd. unullpw This flag controls the ability of the user to select a null password for the account. unumunsuclog A count of the number of unsuccessful login attempts to the account. This count is reset when a successful login to the account occurs. uowner Typically used for accounts which do not represent a real user (that is, accounts with a type other than general). It specifies a user who is allowed to use su(C) to enter the account without requiring su secondary subsystem authorisation. upickpw A flag that controls the ability of the user to choose a password for the account. This permits an account to be configured so that the system generates a password rather than letting the user provide one. upriority The priority value used by authentication programs to modify the nice(S) value of a user's login process. upswduser The user name of the account which is allowed to change this user's password. Typically, this is the same as the account name. upwd The encrypted password for the account if the account has a password. urestrict This flag controls whether thorough or brief password triviality checks are performed on any user chosen pass- words. Triviality checks performed include verifying that the password does not represent a login or group name, a palindrome (a word that reads the same forwards as back- wards), or a word recognized by the spell(C) program. usucchg The time of the last successful password change as a timet value. This field should only be set by programs that can be used to change the account password. usuclog The system time of the last successful login to the account as a timet value. usuctty The terminal name associated with the last successful log- in to the account. usyspriv A comma separated list of kernel authorizations for the user. Any valid kernel privilege name (such as chown, or execsuid) may appear in this list. utype The account type, used for informational purposes. For a normal user, this will be general. Other account types are: root, operator, sso, admin, or pseudo. The type retired indicates that this account is no longer in use, and is used to prevent logins on the account. uunsucchg The time of the last unsuccessful password change as a timet value. This field should only be set by programs that can be used to change the account password. uunsuclog The system time of the last unsuccessful login to the account as a timet value. uunsuctty The terminal name associated with the last unsuccessful login attempt to the account. Examples The following is an example of a typical protected password database file named craig: craig:u_name=craig:u_id#20034:\ :u_pwd=ObaRIyszZwYuUgtH9d8T0Ei6:\ :u_type=general:u_pswduser=craig:\ :u_cmdpriv=su,queryspace,lp,mem,sysadmin,root:\ :u_syspriv=execsuid,nopromain,chmodsugid,chown:\ :u_minchg#0:u_succhg#696188670:u_unsucchg#696527826:\ :u_suclog#699804441:u_suctty=tty06:\ :u_unsuclog#699620228:u_unsuctty=tty04:\ :u_lock@:chkent: This protected password database file is for the user craig. The user ID for craig is 20034 which should match the /etc/passwd entry. The encrypted password is specified by the upwd field. The account is assigned several subsystem authorisations. The specified kernel authori- sations will be raised for this user's login shell processes. The minimum password change time is 0, indicating that the password can be changed at any time. The remaining fields provide account information such as the last successful and unsuccessful password change times as well as the last successful and unsuccessful login times and terminal names. Files /tcb/files/auth/[a-z]/* protected password authentification database files See also authcap(F), default(F), getprpwent(S), login(M), sysadmsh(ADM) Standards conformance prpw is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.