edauth(8)
Name
edauth − edit user auth entry
Syntax
edauth username
Description
The edauth command is an authorization editor. edauth creates a temporary file with an ASCII representation of the current auth database entry for the user specified by username and then invokes an editor on the file. You can then modify the user’s auth fields. Upon leaving the editor, edauth reads the temporary file and modifies the binary database to reflect the changes made. If there are errors in the temporary file, edauth will allow the user to resume editing the file to fix them.
The editor invoked is ed(1), unless the environment variable EDITOR specifies otherwise. Here is an example of the temporary file produced by edauth:
uid = 268
password = MXP3BnKLEWW960BEJc9DbHb6
passlifemin = 1 hour
passlifemax = 60 days
passmod = 12/20/89 - 10:24:38
authmask = login,change_password,enter_password
fail_count = 0
audit_id = 268
audit_control = or
audit_syscalls = creat,unlink
audit_tevents = login:0:1
Each field of the auth entry is represented as a keyword followed by an equals sign. The value part of the field may be an integer, a string, a time specification, a date, or a comma-separated list of value keywords. The effect of the field is described in auth(5).
The uid, fail_count, and audit_id fields expect integer values.
The password field is a string containing the encrypted password. One way of disabling an account is to set this to a non-empty string less than 24 characters in length such as ‘nologin’.
The passlifemin and passlifemax fields specify the password expiration information. They may contain an integer specifying seconds, or a combination of scaled values. The units recognized for scaling are seconds, minutes, hours, and days. Only the first letter of the unit need be supplied. A passlifemax of one day, one hour and five minutes could be specified as any of:
passlifemax = 1 day 1 hour 5 minutes
passlifemax = 25 h 5 m
passlifemax = 90300 seconds
passlifemax = 90300
in addition to other combinations.
The passmod field is a date. It is specified in the same format as the default output of the ULTRIX date(1) command. The time portion is optional and defaults to the beginning of the day.
The authmask, audit_syscalls, and audit_tevents fields expect a comma-separated list of value tokens. For authmask this is zero or more of login, change_password, and enter_password. For the audit information this corresponds to the name of the audit event. See the auditmask(8) manpage for more information on audit events.
The audit_control field may be one of or, and, or off. See the audcntl(2) manpage for more information on the effect of these values.
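The field syntax described above, as an added example that is not part of the original manual page and is not edauth's own code: a Python parser for the temporary-file format that converts passlifemin and passlifemax to seconds and reports the two conditions this page defines, a password value that disables the account and an authmask token outside the documented set. The names parse_lifetime, parse_entry, findings and SAMPLE are hypothetical, and accepting any prefix of a unit name is an assumption.

```python
UNITS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
INT_FIELDS = {"uid", "fail_count", "audit_id"}
LIST_FIELDS = {"authmask", "audit_syscalls", "audit_tevents"}
AUTHMASK = {"login", "change_password", "enter_password"}
SAMPLE = "uid = 268\npassword = nologin\npasslifemax = 25 h 5 m\nauthmask = login,su\n"  # constructed input

def parse_lifetime(text):
    """'1 day 1 hour 5 minutes', '25 h 5 m' or '90300' -> seconds."""
    tokens, total, i = text.split(), 0, 0
    if not tokens: raise ValueError("empty lifetime")
    while i < len(tokens):
        if not tokens[i].isdecimal():
            raise ValueError(f"expected integer, got {tokens[i]!r}")
        count, scale, i = int(tokens[i]), 1, i + 1  # a bare integer means seconds
        if i < len(tokens) and not tokens[i].isdecimal():
            # Assumption: any prefix of a unit name ("h", "hour", "hours") is accepted.
            match = [s for u, s in UNITS.items() if u.startswith(tokens[i].lower())]
            if not match:
                raise ValueError(f"unknown unit {tokens[i]!r}")
            scale, i = match[0], i + 1
        total += count * scale
    return total

def parse_entry(text):
    """Parse 'keyword = value' lines into a dict with typed values."""
    entry = {}
    for line in filter(str.strip, text.splitlines()):
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            raise ValueError(f"missing '=' in {line!r}")
        if key in INT_FIELDS:
            entry[key] = int(value)
        elif key in ("passlifemin", "passlifemax"):
            entry[key] = parse_lifetime(value)
        elif key in LIST_FIELDS:
            entry[key] = [v.strip() for v in value.split(",") if v.strip()]
        else:
            entry[key] = value
    return entry

def findings(entry):
    """Report conditions an administrator would want to see before saving."""
    out = []
    if 0 < len(entry.get("password", "")) < 24:
        out.append("account disabled: password shorter than 24 characters")
    bad = set(entry.get("authmask", [])) - AUTHMASK
    if bad:
        out.append(f"unknown authmask value(s): {sorted(bad)}")
    return out
```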
Restrictions
Only the superuser can edit auth entries.
Changing the auth entry will not affect the uid and audit information of existing login sessions.
If the uid field of the entry is changed the mapping to the /etc/passwd file will be affected. Changes to the passwd file will probably be necessary.
Diagnostics
Various messages about incorrect input. All are self-explanatory.
Files
/etc/auth.[dir,pag] Contains all authorization information
/etc/passwd Maps usernames to UIDs
See Also
audcntl(2), auth(5), auditmask(8), getauth(8), vipw(8)
Security Guide for Administrators