System Administration Guide
Chapter 5, Maintaining system security

The authentication database files

The authentication database files

Several database files store the characteristics of the system, its users, its administrators, and its subsystems so that a site can control its own security parameters. These databases reside on the system and are maintained by an administrator. The format of these files is discussed in the authcap(F) manual page.


WARNING: The Authentication database files are not meant to be edited by hand. The trusted system utilities and SCOadmin applications maintain and display the information contained in the databases. We do not recommend modification through any other means.

The Audit and File Control databases are independent databases. The other databases described here (the Protected Password database, the Terminal Control database, the Subsystem database, and the Device Assignment database) are referred to collectively as the Authentication database. The Authentication database is the responsibility of the authentication administrator, who has the auth authorization. Here are brief descriptions for each of the databases:

Audit
controls the behavior of the audit system. This includes the types of activity, the system records on the audit trail, the performance/reliability attributes of the audit subsystem, and the filesystem devices on which audit information is collected. By changing parameters stored in the Audit database, the audit administrator can adjust the audit subsystem to suit the performance and security requirements of the site.

Device Assignment
stores device pathnames relating to the same physical device. For example, /dev/tty1a and /dev/tty1A may refer to the same serial port with modem control disabled and enabled, respectively. This database is used by init(M) and getty(M) to stop one form of login spoofing.

Protected Password
stores security information about each user. The user entry includes the encrypted password (which no longer appears in the regular password database /etc/passwd) and password change, user authorization, and user audit parameters. By setting up this database properly, the authentication administrator controls how users identify and authenticate themselves to the system, the types of privilege users are allowed, and the extent to which users' actions are recorded in the audit trail. The System Defaults database, containing the system-wide default security parameters, is considered part of the Protected Password database.

Terminal Control
gives access to the system through terminals. It records login activity through each attached terminal (last login and logout user, time stamps, and so forth). The Terminal Control database lets the authentication administrator set different policies on different terminals depending upon the site's physical and administrative needs.

Subsystem
is actually a series of files (one per subsystem) that list users who are given special privilege either to be a subsystem administrator or to perform special functions within a protected subsystem. These files are another element of the Authentication database, which enhances accountability of administrative actions by allowing only specified users to run programs that maintain the internal subsystems. Security is enhanced by controlling who has permission to execute programs that maintain subsystems and by accounting for the real users that assume administrative roles.

File Control
helps maintain the integrity of the TCB. It does this by maintaining a record of the contents and protection attributes of files important to the TCB's operation. This database provides an effective tool for detecting modifications to the active copy of the TCB. The system administrator program integrity(ADM) checks the TCB file permissions against this database.