Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Trusted Passwords and System Access
Chapter 8
The fields contain the following information (listed in order), separated
by colons:
1. User (login) name, consisting of up to 8 characters. (In the example,
robin)
2. Unused password field, held by an asterisk instead of an actual
password. (*)
3. User ID (uid), an integer ranging from 0 to MAXINT-1, equal to
2,147,483,646 or 2^31-2. (102)
4. Group ID (gid), from /etc/group, an integer ranging from 0 to
MAXINT-1. (99)
5. Comment field, used for identifying information such as the user’s
full name, location, and phone numbers. For historic reasons, this is
also called the gecos field.
(Robin Hood,Rm 3,x9876,408-555-1234)
6. Home directory, the user’s initial login directory. (/home/robin)
7. Login program path name, executed when the user logs in.
(/usr/bin/sh)
The user can change the comment field (fifth field) with chfn and the
login program path name (seventh field) with chsh. The system
administrator sets the remaining fields. The uid should be unique. See
chfn (1), chsh (1), passwd (1), and passwd (4). The user can change the
password in the protected password database with passwd.
The /tcb/files/auth/ Database
When a system is converted to a Trusted System, the encrypted
password, normally held in the second field of /etc/passwd, is moved to
the protected password database, and an asterisk holds its place in the
/etc/passwd file.
Protected password database files are stored in the /tcb/files/auth/
hierarchy. User authentication profiles are stored in these directories
based on the first letter of the user account name. For example, the
authentication profile for user david is stored in the file
/tcb/files/auth/d/david.
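
The field rules and the /tcb/files/auth/ layout described above can be checked mechanically. The shell function below is an added example, not part of the HP-UX guide; the function names, the FINDING/AUTHFILE output format, and every sample entry other than robin's field values are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the HP-UX guide): check passwd(4)-format lines
# against the field rules listed above on a Trusted System.

# Constructed sample. The robin entry reuses the field values quoted above;
# the other entries are made up to trigger findings.
sample_passwd() {
    cat <<'EOF'
robin:*:102:99:Robin Hood,Rm 3,x9876,408-555-1234:/home/robin:/usr/bin/sh
david:*:103:99:David Example:/home/david:/usr/bin/sh
tuck:CONSTRUCTEDHASH:104:99:Friar Tuck:/home/tuck:/usr/bin/sh
little:*:102:99:Little John:/home/little:/usr/bin/sh
scarlet:*:2147483647:99:Will Scarlet:/home/scarlet:/usr/bin/sh
EOF
}

# audit_passwd [FILE]: reads FILE (or stdin), prints FINDING/AUTHFILE lines,
# returns 1 if any entry breaks a rule.
audit_passwd() {
    awk -F: '
    function bad(msg) { print "FINDING " msg; rc = 1 }
    BEGIN { max_id = 2147483646 }            # MAXINT-1 = 2^31-2
    /^[ \t]*$/ { next }                      # skip blank lines
    NF != 7 { bad($1 ": expected 7 fields, found " NF); next }
    {
        name = $1
        if (length(name) < 1 || length(name) > 8)
            bad(name ": login name must be 1-8 characters")
        # On a Trusted System the hash lives under /tcb/files/auth/, not here.
        if ($2 != "*")
            bad(name ": password field is not an asterisk")
        if ($3 !~ /^[0-9]+$/ || $3 + 0 > max_id)
            bad(name ": uid outside 0.." max_id)
        else if ($3 in owner)
            bad(name ": uid " $3 " already used by " owner[$3])
        else
            owner[$3] = name
        if ($4 !~ /^[0-9]+$/ || $4 + 0 > max_id)
            bad(name ": gid outside 0.." max_id)
        # Expected protected password database file for this account.
        if (name != "")
            print "AUTHFILE " name " /tcb/files/auth/" substr(name, 1, 1) "/" name
    }
    END { exit rc + 0 }
    ' "${1:--}"
}

sample_passwd | audit_passwd || true
```

On a live system, run it as `audit_passwd /etc/passwd`. An entry whose second field is not an asterisk indicates a password value still sitting in the world-readable file.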