authcap(4)

NAME
authcap - security databases for trusted systems

SYNOPSIS

DESCRIPTION
All security-relevant databases are stored in an ASCII format in the file system. This format is converted to binary structures by the support routines described in the Section 3 manpages. This manpage describes the format of these databases, and describes the philosophy of conversion into data structures.
Hierarchy Structure
The complete database resides in two hierarchies: and The first hierarchy contains the Protected Password database, and has subdirectories with single-letter names, each of which is a starting letter for user names. Within each of these directories are regular files, each containing an authcap(4) format file containing the Protected Password entry for a particular user. Thus, all user names beginning with have their respective authentication and identity information in a file in directory
Directories within and contain system-wide information. Global system
settings reside in directory Terminal and device assignment files are
located in directory
The following database files reside in directory
Default Control
The following database files reside in directory
Terminal Control
Device Assignment
File Format
Each data file and has the same format. Each file consists of one virtual line, optionally split into multiple physical lines with the \ character present at the end of all lines except the last. For example, the line
can be split into:
Note that all capabilities must be immediately preceded and followed with the separator. Multiple-line entries require at the end of each line and at the beginning of each continuation line in the entry. Continuation lines are indented by a tab character. Multiple entries are separated by a new-line character that is not preceded by a continuation character:
Line Format
The format of a line is briefly as follows:
The entry is referenced by the name. The end of the name part of the entry is terminated by the character.
At the end of each entry is the chkent field. This is used as an integrity check on each entry. The routines reject all entries that do not contain the chkent terminator.
Each entry has 0 or more capabilities, each terminated with the character. Each capability has a unique name. Numeric capabilities have the format:
where num is a decimal or (0-preceded) octal number. Boolean capabilities have the format:
id
or
id@
where the first form signals the presence of the capability and the second form signals the absence of the capability. String capabilities have the format:
where string is 0 or more characters. The and characters are escaped as and respectively.
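As an added example (not part of the HP-UX manpage or its support routines), the following Python parser implements the virtual-line joining described under File Format and the capability syntax described under Line Format, rejecting entries without the chkent terminator. Because the manpage text above elides the actual delimiter characters, the parser assumes the termcap-style convention used by authcap (':' separator, '#' numeric, '=' string, trailing '@' negation, backslash escapes, "chkent" terminator); the sample file content and its field names are constructed.

```python
import re

# Assumed delimiters (the manpage text above elides them), following the
# termcap-style convention: ':' separates capabilities, '#' introduces a number,
# '=' a string, a trailing '@' negates a boolean, "chkent" ends the entry,
# and '\' escapes ':' and '\' itself.
CHKENT = 'chkent'
FIELD_RE = re.compile(r'(?:\\.|[^:\\])+', re.S)      # text between unescaped ':'
ESC_RE = re.compile(r'\\(.)', re.S)                  # '\x' -> 'x'
CAP_RE = re.compile(r'([^#=@]+)([#=@]?)(.*)', re.S)  # id, type char, value

def join_virtual_lines(text):
    """Join physical lines ending in '\\' into one virtual line per entry,
    stripping the tab that indents each continuation line."""
    entries, buf = [], ''
    for line in text.splitlines():
        cont = line.endswith('\\')
        buf += (line[:-1] if cont else line).lstrip('\t')
        if not cont:
            if buf.strip():
                entries.append(buf)
            buf = ''
    return entries

def parse_entry(vline):
    """Return (name, {capability: value}); raise ValueError when the entry lacks
    the chkent terminator, as the Section 3 routines reject such entries."""
    # Empty fields (where a continuation line re-starts with ':') are dropped.
    fields = [ESC_RE.sub(r'\1', f) for f in FIELD_RE.findall(vline)]
    if len(fields) < 2 or fields[-1] != CHKENT:
        raise ValueError('entry without chkent terminator: %r' % vline)
    caps = {}
    for cap in fields[1:-1]:
        m = CAP_RE.fullmatch(cap)
        if not m:
            raise ValueError('malformed capability %r in %r' % (cap, fields[0]))
        cid, kind, val = m.groups()
        if kind == '#':      # numeric: decimal, or octal when 0-preceded
            caps[cid] = int(val, 8) if val.startswith('0') else int(val)
        elif kind == '=':    # string: escapes were already resolved above
            caps[cid] = val
        else:                # boolean: present unless written as id@
            caps[cid] = kind != '@'
    return fields[0], caps

# Constructed sample (prpwd(4)-style field names, invented values): one entry
# split over two physical lines, then one that lacks chkent and is rejected.
SAMPLE = ('alice:u_name=alice:u_id#1001:u_pwd=x\\:y\\\\z:u_lock@:u_bootauth:\\\n'
          '\t:u_minchg#0755:chkent:\n'
          'bob:u_name=bob:u_id#1002:u_lock:\n')
```

Running `parse_entry` over `join_virtual_lines(SAMPLE)` yields the alice entry with the escaped ':' and '\' restored inside u_pwd and u_minchg read as octal, while the bob entry raises ValueError.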
File Locking
All databases use a lock file, the existence of which means that the
file is currently being rewritten. Occasionally, the lock files remain
after a system crash and must be removed manually. The lock file is
formed by appending to the database file name.
Fields/Flags
All databases are converted into structures by programs. The data
structures consist of two substructures, each of which has one member
for each field in the database entry. The field structure contains a
field value (for example, a number, a boolean flag, a directory string,
or a mask), while the flag value (one bit) indicates the presence or
absence of the field in that entry.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems
functionality.
AUTHOR
was developed by HP.
SEE ALSO
getdvagent(3), getprdfent(3), getprpwent(3), getprtcent(3), default(4), devassign(4), prpwd(4), ttys(4).
TO BE OBSOLETED authcap(4)