authcap.4 (2010 09)

authcap(4)
(TO BE OBSOLETED)
NAME
authcap - security databases for trusted systems
SYNOPSIS
/tcb/files/auth/*
/tcb/files/auth/system/*
DESCRIPTION
All security-relevant databases are stored in an ASCII format in the file system. This format is converted
to binary structures by support routines described in Section 3 manpages. This manpage describes the
format of these databases, and describes the philosophy of conversion into data structures.
Hierarchy Structure
The complete database resides in two hierarchies: /tcb/files/auth/* and /tcb/files. The first hierarchy contains the Protected Password database and has subdirectories with single-letter names, each of which is a starting letter for user names. Within each of these directories are regular files, each an authcap(4) format file containing the Protected Password entry for a particular user. Thus, all user names beginning with x have their respective authentication and identity information in a file in directory /tcb/files/auth/x.
Directories within /tcb/files/auth/system and /tcb/files contain system-wide information. Global system settings reside in directory /tcb/files/auth/system. Terminal and device assignment files are located in directory /tcb/files.
The following database file resides in directory system (/tcb/files/auth/system):
    default      Default Control
The following database files reside in directory /tcb/files:
    ttys         Terminal Control
    devassign    Device Assignment
File Format
Each data file (/tcb/files/auth/system and /tcb/files) has the same format. Each entry consists of one virtual line, optionally split into multiple physical lines with the \ character present at the end of all lines except the last. For example, the line
smk:u_name=smk:u_id#16:u_pwd=a78/a1.eitfn6:chkent:
can be split into:
smk:u_name=smk:u_id#16:\
:u_pwd=a78/a1.eitfn6:\
:chkent:
Note that all capabilities must be immediately preceded and followed with the : separator. Multiple line entries require : at the end of each line and at the beginning of each continuation line in the entry. Continuation lines are indented by a tab character. Multiple entries are separated by a new-line character that is not preceded by a continuation character:
daa:u_name=daa:u_id#75:u_maxtries#9:chkent:
smk:u_name=smk:u_id#76:u_maxtries#5:chkent:
Line Format
The format of a line is briefly as follows:
name:cap1:cap2:cap3:...:capn:chkent:
The entry is referenced by the name. The end of the name part of the entry is terminated by the : character.
At the end of each entry is the chkent field. This is used as an integrity check on each entry. The authcap routines reject all entries that do not contain the chkent terminator.
Each entry has 0 or more capabilities, each terminated with the : character. Each capability has a unique name. Numeric capabilities have the format:
id#num
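A small parser for the file and line formats described above, added here as an example; it is not code from the HP-UX manpage or from HP's authcap/libsec routines. It joins backslash-continued physical lines into one virtual line per entry (dropping the leading : of each continuation line so it does not become an empty capability), rejects entries that lack the chkent terminator, and decodes id#num capabilities as integers. The string form id=str and the bare boolean form are handled as the page's own u_name=smk and chkent fields suggest, since the page's description of those forms is cut off; numeric values are assumed decimal. The function names, the u_lock capability and the sample database are constructed for illustration, and format_entry writes an entry back out in the tab-indented split form so a round trip can be checked.

```python
# Added example parser for the authcap(4) text format; not code from the
# HP-UX manpage or from HP's authcap/libsec routines. Function names,
# the u_lock capability and the sample database are constructed.

# Constructed sample: two single-line entries, one entry split across
# tab-indented continuation lines that begin with ':', and one entry
# with no chkent terminator (must be rejected).
SAMPLE_DB = (
    "daa:u_name=daa:u_id#75:u_maxtries#9:chkent:\n"
    "smk:u_name=smk:u_id#16:\\\n"
    "\t:u_pwd=a78/a1.eitfn6:\\\n"
    "\t:u_lock:chkent:\n"
    "bad:u_name=bad:u_id#99:\n"
)


class AuthcapError(ValueError):
    """Entry is malformed or lacks the chkent integrity terminator."""


def virtual_lines(text):
    """Join '\\'-continued physical lines into one virtual line per entry.

    The leading ':' of a continuation line only re-opens the separator
    ended on the previous line, so it is dropped instead of yielding an
    empty capability.
    """
    entries, buf = [], ""
    for phys in text.splitlines():
        cont = phys.endswith("\\")
        if cont:
            phys = phys[:-1]
        if buf:                          # we are inside a split entry
            phys = phys.lstrip("\t ")
            if phys.startswith(":"):
                phys = phys[1:]
        buf += phys
        if not cont:
            if buf.strip():
                entries.append(buf)
            buf = ""
    if buf.strip():                      # file ended on a '\' line
        entries.append(buf)
    return entries


def parse_entry(vline):
    """Return (name, caps) for one virtual line.

    caps maps 'id' -> True, 'id=str' -> str, 'id#num' -> int (numbers
    assumed decimal). Raises AuthcapError unless the final field is
    chkent, mirroring the authcap routines' integrity check.
    """
    fields = vline.split(":")
    if fields[-1] != "":
        raise AuthcapError("entry does not end with ':': %r" % vline)
    name, caps = fields[0], fields[1:-1]
    if not caps or caps[-1] != "chkent":
        raise AuthcapError("entry %r lacks chkent terminator" % name)
    result = {}
    for cap in caps[:-1]:
        if "=" in cap:
            key, val = cap.split("=", 1)
            result[key] = val
        elif "#" in cap:
            key, val = cap.split("#", 1)
            result[key] = int(val, 10)
        elif cap:                        # bare name: boolean capability
            result[cap] = True
    return name, result


def parse_db(text):
    """Parse a whole file: returns (entries by name, rejected names)."""
    entries, rejected = {}, []
    for vline in virtual_lines(text):
        try:
            name, caps = parse_entry(vline)
        except AuthcapError:
            rejected.append(vline.split(":", 1)[0])
            continue
        entries[name] = caps
    return entries, rejected


def format_entry(name, caps, per_line=2):
    """Write an entry in the split form: per_line capabilities per
    physical line, '\\' continuation, tab-indented lines starting ':'."""
    fields = []
    for key, val in caps.items():
        if val is True:
            fields.append(key)
        elif isinstance(val, int):
            fields.append("%s#%d" % (key, val))
        else:
            fields.append("%s=%s" % (key, val))
    fields.append("chkent")
    lines = [name + ":"]
    for i in range(0, len(fields), per_line):
        chunk = ":".join(fields[i:i + per_line]) + ":"
        if i == 0:
            lines[0] += chunk
        else:
            lines.append("\t:" + chunk)
    return "\\\n".join(lines) + "\n"


if __name__ == "__main__":
    entries, rejected = parse_db(SAMPLE_DB)
    for name, caps in entries.items():
        print(name, caps)
    print("rejected:", rejected)
    print(format_entry("smk", entries["smk"]), end="")
```

Rejected entries are reported by name rather than silently skipped, so an operator can see which Protected Password file is missing its chkent terminator; a tampered or truncated entry will show up there instead of being accepted with partial capabilities.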
HP-UX 11i Version 3: September 2010 1 Hewlett-Packard Company 1
