authsh -- administrator interface for authorization subsystem




authsh is the screen interface invoked by the sysadmsh(ADM) Accounts selection to administer the authorization subsystem. It is a full screen menu-driven interface that provides the functions necessary to control the generation and maintenance of user and system passwords, the terminal database configuration, terminal and account locking, and the generation of administrator reports on system activity.

The functions supported by the main level menu are:

This category of screen interfaces is provided for the setup and maintenance of user accounts and user account passwords. The screens are used to add, update, display, and delete user accounts from the system. Modifications to user account passwords, and to the various criteria controlling the generation of account passwords, are also made using this menu option.

These options are provided for the maintenance of system-wide parameters like default privileges, password expiration, password lifetime, single-user password requirement, restrictive password generation, and the delay time between login attempts. These parameters apply on a global system basis rather than a user account basis.

The terminal database interface screens are used for the maintenance of the database entries to support the addition, deletion, and update of terminal information. Additionally, this category includes the necessary screens for setting and clearing locks on specific terminals.

This category provides the administrator with a method of generating various reports on system activity. Report types include password database, terminal database, and login activity reports.

This option provides the administrator with a consistency check on databases (protected password, terminal control database, and subsystem database) and the password file (/etc/passwd). The password check returns system account warning messages. This option is not normally used.

/etc/default/authsh fields

The field values of /etc/default/authsh are:

Name of default login group. Must exist in /etc/group.

List of groups the user is to be a member of. Each group listed must exist in /etc/group. The LOGIN_GROUP does not need to be included in this list. The groups in the list may be separated by commas (,) or spaces.

Name of default login shell, either the name of a shell defined in /usr/lib/mkuser, or the full pathname of an executable file. Note that the empty name is legal but is not equivalent to either sh or /bin/sh.

Default absolute pathname of the parent directory of the user's home directory. The home directory itself has the same name as the user. This parent directory must grant read, write, and execute (r/w/x) permission to group auth.

Default permissions for the user's home directory. Note that both HOME_DIR and HOME_MODE default settings can be overridden on a shell-specific and/or path-specific basis.

Default type of user:

Individual -- individual's personal account, used by one person, and one person only.
Operator, Administrator, Security Officer -- various classifications of accounts potentially used by more than one individual.
Pseudo-user -- anonymous account never directly used by a user.

All user types except Individual must have an associated account which is allowed to su(C) to the user.

MIN_ADMIN_UID to MAX_ADMIN_UID, inclusive: UID values the administrator may choose.

MIN_SUGGEST_UID to MAX_SUGGEST_UID, inclusive: UID values the system may suggest.

Note that UIDs less than 200 are reserved and should not be used.

Similar to UID ranges.

Note that GIDs less than 100 are reserved and should not be used.

Minimum length of an acceptable user name (default: 3 characters).

Maximum acceptable length of a user name (maximum of 8 characters).

Minimum length for a group name (default: 3 characters).

Maximum length for a group name (default: 8 characters).
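
The limits stated in the field descriptions above (reserved UIDs and GIDs, user name length, groups that must exist in /etc/group), applied as a pre-check on proposed account values. This is an added example, not part of the SCO manual page or of authsh itself; the function names, argument order, and sample group file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample data are hypothetical, not taken from authsh.
MIN_UID=200 MIN_GID=100      # page: lower values are reserved
MIN_NAME=3 MAX_NAME=8        # page: user name length limits

# group_exists NAME FILE: succeed if NAME is the first field of an entry in FILE.
group_exists() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# at_least LABEL VALUE MIN: print a violation unless VALUE is an integer >= MIN.
at_least() {
    case $2 in
        ''|*[!0-9]*) echo "$1: '$2' is not a number"; return 1 ;;
    esac
    if [ "$2" -lt "$3" ]; then
        echo "$1: $2 is in the reserved range below $3"; return 1
    fi
}

# check_account NAME UID GID LOGIN_GROUP SUPP_GROUPS GROUP_FILE
# Prints one line per violation; returns 0 only when there are none.
check_account() {
    bad=0
    len=${#1}
    if [ "$len" -lt "$MIN_NAME" ] || [ "$len" -gt "$MAX_NAME" ]; then
        echo "name: '$1' has length $len, allowed $MIN_NAME-$MAX_NAME"; bad=1
    fi
    at_least uid "$2" "$MIN_UID" || bad=1
    at_least gid "$3" "$MIN_GID" || bad=1
    # Login group plus the comma- or space-separated membership list.
    for g in $4 $(printf '%s' "$5" | tr ',' ' '); do
        group_exists "$g" "$6" || { echo "group: '$g' not in $6"; bad=1; }
    done
    return "$bad"
}

# Constructed sample data standing in for /etc/group.
SAMPLE_GROUPS=$(mktemp)
trap 'rm -f "$SAMPLE_GROUPS"' EXIT
printf '%s\n' 'group:x:50:' 'staff:x:120:' 'audit:x:130:' > "$SAMPLE_GROUPS"

check_account jsmith 215 120 staff 'audit,staff' "$SAMPLE_GROUPS" && echo "jsmith: ok"
check_account jo 150 120 staff 'audit wheel' "$SAMPLE_GROUPS" || echo "jo: rejected"
```
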


Invoking authsh directly is not recommended; use the sysadmsh Accounts selection instead.



See also


"Maintaining system security" in the System Administration Guide

Standards conformance

authsh is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003