Sidebar: Protected Password Authentication Database File Format
An authentication file is maintained for each user account on an Enhanced Security-enabled system. These files are located under /tcb/files/auth, which is accessible only to the superuser. The encrypted password string, among other things, is stored in this file.
Options specified in an individual account Protected Password file override any Global settings specified in the System Default file. The following is the Protected Password file for my account on a system running Enhanced Security:
mcheek:u_name=mcheek:u_id#247:u_oldcrypt#0:\
:u_pwd=1o2A5Adx3oXXm:\
:u_succhg#828919424:u_unsucchg#829276329:\
:u_suclog#839193127:u_suctty=ttyp1:\
:u_unsuclog#838691522:u_unsuctty=ttyp1:u_lock@:\
:chkent:
The format for this file is identical to the format for the System Default file.
The example options have the following meaning:
mcheek: This first option is simply the header that specifies the name of the file for this security database; it is required.
u_name=mcheek: This is the username for the account and must match the username in a corresponding /etc/passwd entry.
u_id#247: This is the user ID for the account and must match the user ID in a corresponding /etc/passwd entry.
u_oldcrypt#0: This is the algorithm number used to encrypt the current password.
u_pwd=1o2A5Adx3oXXm: This is the encrypted password string for the account. (This is not an actual password.)
u_succhg#828919424: This option specifies the time of the last successful password change. The time is specified as the number of seconds since the Epoch, 00:00:00 GMT 1 Jan 1970. Obviously, this time value is not immediately useful, and in fact, this field should only be set by programs (such as passwd(1)) that can be used to change the account password.
u_unsucchg#829276329: This option specifies the time of the last unsuccessful password change. This field should not be manually edited.
u_suclog#839193127: This option specifies the time of the last successful login. This field should not be manually edited.
u_suctty=ttyp1: This is the name of the terminal associated with the last successful login to the account.
u_unsuclog#838691522: This option specifies the time of the last unsuccessful login. This field should not be manually edited.
u_unsuctty=ttyp1: This is the name of the terminal associated with the last unsuccessful login to the account.
u_lock@: This Boolean option is used to administratively lock an account. A u_lock entry indicates that the account is locked; a u_lock@ entry indicates that it is not.
For additional information, see the manpage for prpasswd(4).
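
The raw epoch values and the name / name@ Boolean convention are easier to audit once decoded. The following Python parser is an added example, not part of the original sidebar or of any vendor tool; it reads the sample entry shown above and reports the lock state and timestamps in UTC. The function names are hypothetical, and it assumes decimal numeric values, no escaped colons inside values, and that a complete entry ends with chkent as the sample does.

```python
import re
from datetime import datetime, timezone

# The sidebar's own sample entry (the u_pwd value is not a real password).
SAMPLE = r"""mcheek:u_name=mcheek:u_id#247:u_oldcrypt#0:\
:u_pwd=1o2A5Adx3oXXm:\
:u_succhg#828919424:u_unsucchg#829276329:\
:u_suclog#839193127:u_suctty=ttyp1:\
:u_unsuclog#838691522:u_unsuctty=ttyp1:u_lock@:\
:chkent:"""

TIME_FIELDS = ("u_succhg", "u_unsucchg", "u_suclog", "u_unsuclog")
FIELD_RE = re.compile(r"^(\w+)(?:([=#])(.*)|(@))?$")

def parse_entry(text):
    """Return (entry_name, fields) for one protected password entry."""
    # Join backslash-continued lines, then split on the ':' separators.
    joined = "".join(l.strip().rstrip("\\") for l in text.splitlines())
    parts = [p for p in joined.split(":") if p]
    # Assumption: a complete entry ends with chkent, as the sample does.
    if len(parts) < 2 or parts[-1] != "chkent":
        raise ValueError("entry is truncated: no trailing chkent")
    fields = {}
    for part in parts[1:-1]:
        m = FIELD_RE.match(part)
        if not m:
            raise ValueError(f"malformed field: {part!r}")
        name, op, value, negated = m.groups()
        if op == "=":
            fields[name] = value            # string option
        elif op == "#":
            fields[name] = int(value)       # numeric option (assumed decimal)
        else:
            fields[name] = negated is None  # bare name = true, name@ = false
    return parts[0], fields

def summarize(fields):
    """Decode the epoch timestamps and lock flag into readable form."""
    out = {"locked": fields.get("u_lock", False)}
    for name in TIME_FIELDS:
        if name in fields:
            ts = datetime.fromtimestamp(fields[name], tz=timezone.utc)
            out[name] = ts.strftime("%Y-%m-%d %H:%M:%S UTC")
    return out

if __name__ == "__main__":
    entry_name, entry_fields = parse_entry(SAMPLE)
    print(entry_name, summarize(entry_fields))
```

The script only reads text; per the notes above, the time fields should not be edited by hand.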