authcap - Format of security databases (Enhanced Security)
All security-relevant databases are stored in an ASCII format in the file system. This reference page describes the format of these databases.
The first hierarchy (/tcb/files/auth.db and /var/tcb/files/auth.db) contains the protected password databases. The /tcb/files/auth.db database contains information for UIDs from 0 to 99. The /var/tcb/files/auth.db database contains information for UIDs 0 and up.
The second hierarchy (/etc/auth) contains system-wide information. The global system settings reside in the /etc/auth/system directory, which contains the following database files:
    Default control database
    File control database
    Terminal control database
    Device assignment database
The following is the line from above broken into multiple lines:
All capabilities must be immediately preceded and followed by a colon (:) separator. Entries broken into multiple lines require a colon (and a backslash) at the end of each line and a colon at the beginning of each continuation line in the entry. Continuation lines are indented by a tab character.
Multiple entries are separated by a new line that is not preceded by a continuation character. For example:
    daa:u_name=daa:u_id#75:u_maxtries#9:u_retired:chkent:
    smk:u_name=smk:u_id#76:u_maxtries#5:u_retired:chkent:
Each entry is referenced by the name followed by the colon (:) character.
At the end of each entry is the chkent field. The "chkent" string indicates that the entry is complete. This is used as an integrity check on each entry by the programs that read the databases.
The names of the capabilities depend on the database. Capabilities can have numeric, Boolean, or string values. Numeric capabilities have the format name#num, where num is a decimal number, an octal number (indicated by a leading 0), or a hexadecimal number (indicated by a leading 0X). Boolean capabilities have the format name or name@, where the first form signals the presence of the capability and the second form signals the absence of the capability. String capabilities have the format name=string, where string is 0 (zero) or more characters. In a string, the backslash (\) and colon (:) characters can be escaped with a backslash (\) character.
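A minimal parser for the entry format described above, as an added example (not code from this reference page or from the system's own library routines). It rejects any entry that lacks the closing chkent field; accepting a lower-case 0x prefix and skipping blank lines are assumptions, and all sample lines except the first are constructed.

```python
import re

FIELD = re.compile(r"(?:\\.|[^:\\])+")       # one field: escape pairs or non-colon chars
CAP = re.compile(r"([^#=@]+)([#=@]?)(.*)", re.S)
CONT = re.compile(r":\\\n[ \t]*:")           # ":\" at line end, ":" after the indent

def parse_num(text):                         # decimal, octal (0...) or hex (0X...)
    if text[:2].upper() == "0X":             # lower-case 0x accepted: an assumption
        return int(text, 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)

def parse_entry(line):                       # -> (name, caps); ValueError if malformed
    fields = FIELD.findall(line)
    if len(fields) < 2 or fields[-1] != "chkent":
        raise ValueError("entry does not end with chkent")
    caps = {}
    for field in fields[1:-1]:
        m = CAP.fullmatch(field)
        if m is None:
            raise ValueError("capability without a name: %r" % field)
        key, kind, rest = m.groups()
        if kind == "#":
            caps[key] = parse_num(rest)
        elif kind == "=":                    # string: drop the escaping backslashes
            caps[key] = re.sub(r"\\(.)", r"\1", rest, flags=re.S)
        elif rest:
            raise ValueError("text after '@' in %r" % field)
        else:
            caps[key] = kind != "@"          # name -> True, name@ -> False
    return fields[0], caps

def parse_authcap(text):
    """Return ({name: caps}, [rejected logical lines]) for database text."""
    entries, rejected = {}, []
    for line in CONT.sub(":", text).splitlines():   # join continuation lines first
        if line.strip():
            try:
                name, caps = parse_entry(line)
                entries[name] = caps
            except ValueError:
                rejected.append(line)
    return entries, rejected

# First line is the page's example; the "tst" and "bad" entries are constructed.
SAMPLE = ("daa:u_name=daa:u_id#75:u_maxtries#9:u_retired:chkent:\n"
          "tst:u_name=t\\:1:\\\n\t:u_id#0X4C:u_maxtries#011:u_retired@:chkent:\n"
          "bad:u_name=bad:u_id#77:\n")
```

Calling parse_authcap(SAMPLE) returns the two complete entries and lists the truncated "bad" entry as rejected.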
Protected password database for UIDs from 0 to 99.
Protected password database for UIDs 100 and up.
Old protected password database
Contains the global system settings database.
Functions: getprpwent(3), getdvagent(3), getprdfent(3), getprtcent(3), getprfient(3)
Files: default(4), devassign(4), files(4), prpasswd(4), ttys(4)