Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ prpw(F) — OpenDesktop 3.0.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

authcap(F)

default(F)

getprpwent(S)

login(M)

sysadmsh(ADM)


 prpw(F)                       06 January 1993                        prpw(F)


 Name

    prpw - protected password authentication database files

 Format

    See authcap(F)

 Description

    An authentication profile is maintained for each user on the system. This
    profile is kept in a protected password database file that is accessible
    only to trusted programs acting on behalf of the TCB. The protected pass-
    word (prpw) database file contains the encrypted password for the user
    account.  On a trusted system, this must be hidden from untrusted users.

    The protected password database files do not remove the need for the
    /etc/passwd and the /etc/group files. Users must be defined in the passwd
    file in order to use the system. The protected password database file for
    a user contains the user name and user ID as defined in the user's
    /etc/passwd entry.

    Protected password database files are maintained in a directory hierarchy
    below the /tcb/files/auth directory. This directory contains 26
    directories, named for every letter in the alphabet.  User authentication
    profiles are stored in these directories according to the first letter of
    the account name. For example, the authentication profile for the root
    account is located in the /tcb/files/auth/r directory and can be accessed
    by opening the file /tcb/files/auth/r/root.

    Changes to these files are normally made by selecting Accounts -> User in
    sysadmsh(ADM).

    A user's prpw file defines their authentication profile by specifying
    values to be interpreted by trusted programs instead of the system
    default value. (Trusted programs check for the existence of user specific
    parameters before using a system default value. See default(F).)

    The following keyword identifiers are supported:

    uauditcntl    A comma separated list of audit event names (such as
                   insuff_priv, proc_mod, or ob_create) that defines those
                   audit events that are explicitly controlled by a disposi-
                   tion mask for any process initiated by this user. Any
                   event specified in this mask can be enabled or disabled
                   for auditing regardless of the system audit mask. This
                   provides a user specific audit control capability. Events
                   not specified in this list will be subject to the system-
                   wide audit disposition mask. This field is used in con-
                   junction with the uauditdisp mask.

    uauditdisp    A comma separated list of audit event names (such as
                   insuff_priv, proc_mod, or ob_create) that defines which of
                   those audit events specified in the audit control mask,
                   uauditcntl, should always be audited.  An event which
                   appears in the control mask but not in this mask will
                   never be audited for this user.

    ucmdpriv      A comma separated list of subsystem authorization names
                   that lists the subsystem authorizations in effect for the
                   user. Subsystem authorizations for a user are not esta-
                   blished by this field, but are instead derived from lists
                   for each subsystem in the directory /etc/auth/subsystems.
                   This field should match the definition of the user's sub-
                   system authorizations in those files, although only the
                   authck(ADM) trusted program checks this.

    uexp          Defines the number of seconds after a successful password
                   change until an account password expires.  When a password
                   expires, system authentication programs will request that
                   the password be changed when the user logs into the sys-
                   tem.

    ugenpwd       This flag controls the ability of a user to use a password
                   generated by the system for their account.

    uid           The user ID for the account. This is the same as the user
                   ID field of the corresponding /etc/passwd entry.

    ulife         The lifetime of a password in seconds. If this time is
                   exceeded, the account will be locked and can only be
                   unlocked by an authorized system administrator.

    ulock         This flag is used to lock an account. A user cannot login
                   to a locked account.

    umaxlen       The maximum length of generated passwords for the user
                   account.

    umaxtries     The maximum number of consecutive unsuccessful login
                   attempts to the account that are permitted until the
                   account is locked.

    uminchg       The minimum password change time in seconds. If non-zero,
                   the password cannot be changed until the specified number
                   of seconds have passed since the last successful password
                   change, unless the person changing the password is author-
                   ized to override this constraint.

    uname         The user name for the account. This should be the same as
                   the name of the prpw file, and the user name from the cor-
                   responding entry in /etc/passwd.

    unullpw       This flag controls the ability of the user to select a
                   null password for the account.

    unumunsuclog  A count of the number of unsuccessful login attempts to
                   the account.  This count is reset when a successful login
                   to the account occurs.

    uowner        Typically used for accounts which do not represent a real
                   user (that is, accounts with a type other than general).
                   It specifies a user who is allowed to use su(C) to enter
                   the account without requiring su secondary subsystem
                   authorisation.

    upickpw       A flag that controls the ability of the user to choose a
                   password for the account. This permits an account to be
                   configured so that the system generates a password rather
                   than letting the user provide one.

    upriority     The priority value used by authentication programs to
                   modify the nice(S) value of a user's login process.

    upswduser     The user name of the account which is allowed to change
                   this user's password. Typically, this is the same as the
                   account name.

    upwd          The encrypted password for the account if the account has
                   a password.

    urestrict     This flag controls whether thorough or brief password
                   triviality checks are performed on any user chosen pass-
                   words.  Triviality checks performed include verifying that
                   the password does not represent a login or group name, a
                   palindrome (a word that reads the same forwards as back-
                   wards), or a word recognized by the spell(C) program.

    usucchg       The time of the last successful password change as a
                   timet value.  This field should only be set by programs
                   that can be used to change the account password.

    usuclog       The system time of the last successful login to the
                   account as a timet value.

    usuctty       The terminal name associated with the last successful log-
                   in to the account.

    usyspriv      A comma separated list of kernel authorizations for the
                   user. Any valid kernel privilege name (such as chown, or
                   execsuid) may appear in this list.

    utype         The account type, used for informational purposes. For a
                   normal user, this will be general. Other account types
                   are: root, operator, sso, admin, or pseudo. The type
                   retired indicates that this account is no longer in use,
                   and is used to prevent logins on the account.

    uunsucchg     The time of the last unsuccessful password change as a
                   timet value.  This field should only be set by programs
                   that can be used to change the account password.

    uunsuclog     The system time of the last unsuccessful login to the
                   account as a timet value.

    uunsuctty     The terminal name associated with the last unsuccessful
                   login attempt to the account.

 Examples

    The following is an example of a typical protected password database file
    named craig:

       craig:u_name=craig:u_id#20034:\
               :u_pwd=ObaRIyszZwYuUgtH9d8T0Ei6:\
               :u_type=general:u_pswduser=craig:\
               :u_cmdpriv=su,queryspace,lp,mem,sysadmin,root:\
               :u_syspriv=execsuid,nopromain,chmodsugid,chown:\
               :u_minchg#0:u_succhg#696188670:u_unsucchg#696527826:\
               :u_suclog#699804441:u_suctty=tty06:\
               :u_unsuclog#699620228:u_unsuctty=tty04:\
               :u_lock@:chkent:

    This protected password database file is for the user craig.  The user ID
    for craig is 20034 which should match the /etc/passwd entry. The
    encrypted password is specified by the upwd field. The account is
    assigned several subsystem authorisations. The specified kernel authori-
    sations will be raised for this user's login shell processes.

    The minimum password change time is 0, indicating that the password can
    be changed at any time.  The remaining fields provide account information
    such as the last successful and unsuccessful password change times as
    well as the last successful and unsuccessful login times and terminal
    names.

 Files

    /tcb/files/auth/[a-z]/*
                        protected password authentification database files

 See also

    authcap(F), default(F), getprpwent(S), login(M), sysadmsh(ADM)

 Standards conformance

    prpw is not part of any currently supported standard; it is an extension
    of AT&T System V provided by The Santa Cruz Operation, Inc.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026