authck - Checks internal consistency of the authentication database (Enhanced Security)
/tcb/bin/authck [ options ]
Turns on the -p, -t, and -f
Examines the file control database for syntax and value specification errors. Each entry is examined to verify that the syntax is correct and that values such as user names, group names, modes, object types, and other security attributes depending on the system configuration are valid. Checks are also made to ensure that continuation lines are handled properly in ascii files and that each entry is terminated with the chkent field. Errors detected in the file control database cannot be corrected by authck since in most cases the command is unable to determine what the entry should contain. Instead, errors are detected and correction of these errors is left to the ISSO. Checks the protected password database. The cross-references between the protected password database and /etc/passwd are checked to make sure that they are mutually consistent. Then fields in the protected password database are checked for reasonable values. For instance, all timestamps of past events are checked to make sure that they have times less than the times returned by time(). Checks the fields in the terminal control database for reasonable values. All timestamps of past events are checked to make sure they have times less than those returned by time(). Provides running diagnostics as the program proceeds. It also produces warnings on unusual conditions that may not cause program errors in Trusted Computing Base (TCB) programs.
The authck program checks both the overall structure and
internal field consistency of all components of the authentication
database. It reports all problems it finds.
To invoke this program you must log in as root.
If authck did not detect any inconsistencies, it exits with a status of 0 (zero). If the user is not authorized, authck exits with a status of 1. If the user specifies the wrong argument syntax, authck exits with a status of 2. Otherwise, authck exits with status equal to the number of inconsistencies found.
Specifies the command path.
System password file.
Protected password database.
File control database.
Terminal control database.
File control database. System defaults database.
Functions: getprdfent(3), getprpwent(3), getprtcent(3), getprfient(3)
Files: authcap(4), default(4), files(4), prpasswd(4), ttys(4) delim off