Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Trusted Passwords and System Access
Chapter 8
the event is logged. The permitted range of access times is stored in the
protected password database for users and may be set with SAM. Users
that are logged in when a range ends are not logged out.
Device-Based Access Control
For each MUX port and dedicated DTC port on a Trusted System, the
system administrator can specify a list of users allowed for access. When
the list is null for a device, all users are allowed access.
The device access information is stored in the device assignment
database, /tcb/files/devassign, which contains an entry for each
terminal device on the Trusted System. A field in the entry lists the
users allowed on the device.
Terminal login information on a Trusted System is stored in the terminal
control database, /tcb/files/ttys, which provides the following data
for each terminal:
• Device name.
• User ID of the last user to successfully log into the terminal.
• Last successful login time to the terminal.
• Last unsuccessful login time to the terminal.
• Number of consecutive unsuccessful logins before terminal is locked.
• Terminal lock flag.
Only superusers may access these Trusted System databases, and they
may set the entries via SAM. See devassign (4) and ttys (4) for more
information.
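Because a null user list leaves a device open to every user, an audit of the device assignment database should report which entries carry no list. The following is an added example, not part of the HP-UX manual: the colon-separated layout and the field names v_devs, v_type, v_users and chkent are assumptions to verify against devassign (4), the sample entries are constructed, and the function names are hypothetical.

```shell
# Constructed sample entries; layout and field names are assumptions
# to be checked against devassign (4) on the target system.
sample_devassign() {
cat <<'EOF'
tty0p1:v_devs=/dev/tty0p1:v_type=terminal:\
    :v_users=root,alice:chkent:
tty0p2:v_devs=/dev/tty0p2:v_type=terminal:chkent:
tty0p3:v_devs=/dev/tty0p3:v_type=terminal:v_users=:chkent:
EOF
}

# Join backslash-continued lines so that each entry is one record.
join_entries() {
    awk '{ if (sub(/\\$/, "")) buf = buf $0; else { print buf $0; buf = "" } }
         END { if (buf != "") print buf }'
}

# Print every device whose user list is missing or empty (open to all users).
unrestricted_devices() {
    join_entries | awk -F: '
        /^[ \t]*#/ || NF < 2 { next }
        {
            users = ""
            for (i = 2; i <= NF; i++) {
                f = $i; gsub(/^[ \t]+|[ \t]+$/, "", f)
                if (f ~ /^v_users=/) users = substr(f, 9)
            }
            if (users == "") print $1
        }'
}

# usage: user_allowed DEVICE USER < file
# Succeeds when USER is listed or the list is null. An unknown device is
# reported as not allowed; that is a choice made by this example.
user_allowed() {
    join_entries | awk -F: -v dev="$1" -v user="$2" '
        $1 != dev { next }
        {
            found = 1; users = ""
            for (i = 2; i <= NF; i++) {
                f = $i; gsub(/^[ \t]+|[ \t]+$/, "", f)
                if (f ~ /^v_users=/) users = substr(f, 9)
            }
            if (users == "") ok = 1
            n = split(users, u, ",")
            for (j = 1; j <= n; j++) if (u[j] == user) ok = 1
        }
        END { exit !(found && ok) }'
}
```

On a Trusted System the same functions would read /tcb/files/devassign as superuser in place of the constructed sample.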
Manipulating the Trusted System Databases
The library routines in the following manpages can be used to access
information in the password files and other Trusted System databases.
getdvagent (3)   Manipulate device entries in /tcb/files/devassign.
getprdfent (3)   Manipulate system defaults in /tcb/files/auth/system/default.
getprpwent (3)   Get password entries from /tcb/files/auth/.
getprtcent (3)   Manipulate terminal control database, /tcb/files/ttys.
getpwent (3C)    Get password entries from /etc/passwd.