prpwd.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

prpwd(4) prpwd(4)

(TO BE OBSOLETED)

NAME

prpwd - protected password authentication database ﬁles used for trusted systems

SYNOPSIS

/tcb/files/auth/*

DESCRIPTION

An authentication proﬁle is maintained for each user on the system. A user proﬁle is kept in a protected

password database ﬁle that is accessible only to the System Administrator. The protected password data-

base ﬁles contain among other things the encrypted password for the user account. On a trusted system,

the passwords are hidden from normal users.

The protected password database ﬁles do not obviate the need for the

/etc/passwd and the

/etc/group ﬁles. Users must be deﬁned in the

/etc/passwd ﬁle in order to use the system. The

protected password database ﬁle for a user contains the user name and user id to provide a correlation to

the user’s

/etc/passwd entry. These must match or the user account will be treated as invalid.

Protected password database ﬁles are maintained in the

/tcb/files/auth

hierarchy. This directory

contains other directories each named with a single letter from the alphabet. User authentication proﬁles

are stored in these directories based on the ﬁrst letter of the user account name. This enables an efﬁcient

search operation to locate the ﬁle for a speciﬁc user name. For instance, the authentication proﬁle for the

root account is located in the /tcb/files/auth/r

directory and can be accessed by opening the ﬁle

/tcb/files/auth/r/root

Fields deﬁned in a ﬁle are user speciﬁc values. These values override the system default values. Trusted

programs check ﬁrst for the existence of user speciﬁc parameters before using a system default value.

A protected password database ﬁle contains keyword ﬁeld identiﬁers and, depending on the ﬁeld type, a

value for that ﬁeld (certain ﬁeld types do not require an explicit value). The exact syntax for ﬁeld

speciﬁcations is described in authcap (4). Field speciﬁcation is consistent for all system authentication

databases. The keyword ﬁeld identiﬁers supported by the protected password database ﬁle and their

associated function are given in the following descriptions:

u_name This is the user name for the account which must match the name of the ﬁle and the

user name from the corresponding

/etc/passwd entry.

u_id This is the user ID for the account which must match the user id ﬁeld of the

corresponding /etc/passwd entry.

u_pwd This ﬁeld contains the encrypted password for the account if the account has a pass-

word.

u_owner This ﬁeld contains the owner of the account.

u_booauth If this ﬁeld exists and contains a value greater than zero (typically 1), and the boot

authenticate ﬂag is set in the system default ﬁle, then this user has authority to boot

the system. If the boot authenticate ﬂag is not set in the system default ﬁle then this

ﬁeld is not used.

u_audid This ﬁeld contains the audit ID for the user.

u_auditflag This ﬁeld contains the audit ﬂag for the user.

u_minchg This ﬁeld speciﬁes the minimum password change time in seconds. If non-zero, the

password cannot be changed until the speciﬁed number of seconds since the last suc-

cessful password change have passed unless the person changing the password is

authorized to override this constraint.

u_maxlen This ﬁeld speciﬁes the maximum length for system-generated passwords. It should be

less than the system-wide maximum value deﬁned by the <prot.h> constant

AUTH_MAX_PASSWD_LENGTH.

u_exp This ﬁeld is a time_t value that speciﬁes when the account password will expire.

When a password expires, system authentication programs will request that the pass-

word be changed when the user logs into the system. If the password lifetime expires

before the password is changed, the account will be locked.

u_life This ﬁeld is a time_t value that speciﬁes the lifetime of a password. If this time is

reached, the account will be locked and can only be unlocked by an authorized system

administrator.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
prpwd(4) prpwd(4) (TO BE OBSOLETED) NAME prpwd - protected password authentication database files used for trusted systems SYNOPSIS /tcb/files/auth/* DESCRIPTION An authentication profile is maintained for each user on the system. A user profile is kept in a protected password database file that is accessible only to the System Administrator. The protected password database files contain among other things the encrypted password for the user account.
PAGE 2
prpwd(4) prpwd(4) (TO BE OBSOLETED) u_succhg This field is a time_t value that indicates the time of the last successful password change. This field should only be set by programs that can be used to change the account password. u_unsucchg This field is a time_t value that indicates the time of the last unsuccessful password change. This field should only be set by programs that can be used to change the account password.
PAGE 3
prpwd(4) prpwd(4) (TO BE OBSOLETED) u_maxtries This field specifies the maximum number of consecutive unsuccessful login attempts to the account that are permitted until the account is locked. u_lock This flag field is used to administratively lock an account. A user cannot login to a locked account. Notes The getprpwent (3) routines are used to parse the protected password database files into a structure that can used by programs.
PAGE 4
(Notes) A (Notes) pA 4 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010