HP-UX Reference (11i v3 07/02) - 3 Library Functions A-M (vol 6)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

541

542

543

544

545

546

547

548

549

550

getprpwent(3) getprpwent(3)

(TO BE OBSOLETED)

fd_owner is the user name accountable for the account. The fd_boot_auth ﬁeld is used when the system

default ﬁle speciﬁes boot authorization is required. The

init

command prompts for a user name and pass-

word. If the authentication succeeds, a value in this ﬁeld allows the user to continue the system boot pro-

cess.

fd_min is the time, in seconds, that must elapse before the user can change passwords. fd_maxlen is the

maximum password length (in characters) for the user. fd_expire is the time, in seconds, until the user’s

password expires. fd_lifetime is the number of seconds that must elapse before the password dies. The

account is considered locked if the password is dead.

fd_schange and fd_uchange record the last successful and unsuccessful password change times.

The fd_acct_expire ﬁeld speciﬁes the absolute period of time in seconds that the account can be used. An

absolute expiration date may be speciﬁed, which is then converted into seconds stored in this ﬁeld. This is

different from fd_expire in that fd_acct_expire speciﬁes an absolute expiration date, while fd_expire is reset

with each password change.

fd_max_llogin speciﬁes the maximum time in seconds allowed since the last login before the account

becomes locked. fd_pw_expire_warning is the time in seconds before the end of fd_expire that the system

warns the user the password is about to expire. fd_pswduser stores the user ID of the user allowed to

change passwords for the account. Typically, this is the account owner.

The next ﬂag ﬁelds control password generation. fd_pick_pwd, if set, allows the user to pick his or her own

password. fd_nullpw, if set, allows the account to be used without a password. fd_gen_pwd enables the

use of the random pronounceable password generator for passwords for this account. fd_gen_chars and

fd_gen_letters allow the password generator to generate passwords composed of random printable charac-

ters and random letters, neither of which is easy to remember. The password change software allows the

user to pick from whichever options are available for his or her account. One of these three ﬁelds

(fd_gen_pwd, fd_gen_chars,orfd_gen_letters) must be set.

fd_pwchanger is the user ID of the user who last changed the password on the user’s account, if it was not

the account owner. fd_restrict, if set, causes triviality checks to be made after the account password has

been chosen to avoid palindromes, user name and machine name permutations, and words appearing in the

dictionary.

The fd_tod speciﬁer is a string, formatted like the UUCP Systems ﬁle, which speciﬁes time intervals during

which the user can log in.

The next ﬁelds are used to protect against login spooﬁng, listing the time and location of last login.

fd_slogin and fd_ulogin are time stamps of the last successful and unsuccessful login attempts. fd_suctty

and fd_unsuctty are the terminal device or (if supported) host names of the terminal or host from which the

last login attempt occurred.

fd_nlogins is the number of unsuccessful login attempts since the last successful login. It is reset to zero

after a successful login. fd_max_tries is the number of unsuccessful attempts until the account is con-

sidered locked.

fd_lock indicates whether the administrative lock on the account is set. Note that an account may be con-

sidered disabled (locked) for reasons not indicated by fd_lock. The account is considered disabled (locked) if

one or more of these activities has occurred:

1. if the password is dead,

2. if the maximum number of unsuccessful attempts has been exceeded,

3. if the administrative lock is set,

4. if the account expiration is reached, or

5. if the time since last login is exceeded.

When

getprpwent is ﬁrst called, it returns a pointer to the ﬁrst user pr_passwd structure in the data-

base; thereafter, it returns a pointer to the next pr_passwd structure in the database so that successive

calls can be used to search the database. Note that entries without a corresponding entry in

/etc/passwd are skipped. The entries are scanned in the order they appear in /etc/passwd .

getprpwuid searches from the beginning of the database until a numerical user ID matching uid is

found and returns a pointer to the particular structure in which it was found. getprpwaid functions like

getprpwuid only it uses the audit ID instead of the UID.

getprpwnam searches from the beginning of the database until a login name matching name is found,

and returns a pointer to the particular structure in which it was found. If an end-of-ﬁle or an error is

encountered on reading, these functions return a NULL pointer.

550 Hewlett-Packard Company − 3 − HP-UX 11i Version 3: February 2007