authck(ADM)
authck, passwdupd --
check internal consistency of authentication database
Syntax
/tcb/bin/authck
[ -a ]
[ -p ]
[ -s ]
[ -t ]
[ -y | -n ]
[ -v ]
/tcb/bin/passwdupd
[ -s ]
Description
authck checks both the overall structure and internal
field consistency of all components of the Authentication
database. It reports all problems that it finds.
The functionality of passwdupd has been subsumed into the
authck command. passwdupd remains as a compatibility
aid and may be removed in future releases.
The -s option to passwdupd specifies that the
authck subsystem check should be suppressed. If
passwdupd is executed with the -s option,
authck -y -p is executed, otherwise authck -y -p -s
is executed.
authck takes the following options:
-p-
Checks the Protected Password database. A number of tests are performed.
The Protected Password database and /etc/passwd
are checked for completeness such that neither contains
entries not in the other.
Once this is done, the fields common to the Protected Password database and
/etc/passwd are checked to make sure they agree.
Then, fields in the Protected Password database are checked for reasonable
values.
For instance, all time stamps of past events are checked to make
sure they have times less than that returned by
time(S).
-t-
Checks the fields in the Terminal Control database for reasonable values.
All time stamps of past events are checked to make sure they have times less
than that returned by
time.
-s-
Checks the Protected Subsystem database files to ensure they
reflect the subsystem authorization
entries in the Protected Password database correctly.
Each name listed in each subsystem file is verified against the Protected
Password entry with the same name, so that no authorization is inconsistent
between the files.
Also, each Protected Password entry is scanned to ensure that all the
privileges listed are in fact reflected in the Protected Subsystem database.
If any inconsistencies are found and neither the -n or
-y options are specified, the administrator is asked whether
authck should repair the Subsystem database.
-a-
Turns on the -p, -t, and -s options.
-y -
Repairs the database without asking for confirmation.
-n-
Prevents authck from repairing the database.
-v-
Provides running diagnostics as the program proceeds.
It also produces warnings on events that should not occur but otherwise
do not harm the Authentication database and the routines operating on it.
Network Information Service (NIS) entries in
/etc/passwd are not expected to be found in the
Protected Password database.
authck prints a warning if it finds an NIS
entry in /etc/passwd but NIS is not enabled.
If u_integrity is not set in /etc/auth/system/default
and a Protected Password entry exists for an NIS user,
authck non-interactively removes the Protected Password entry.
Authorization
authck requires the invoking user to be root or have the
auth subsystem authorization. The
chown kernel privilege is also required for
authck to repair the subsystem databases.
Files
/etc/passwd-
System password file
/tcb/files/auth/?/
-
Protected Password database
/etc/auth/system/ttys-
Terminal Control database
/etc/auth/system/files-
File Control database
/etc/auth/subsystems/-
Protected Subsystem database
/etc/auth/system/default-
System Defaults database
See also
authcap(F),
default(F),
getprpwent(S),
getprtcent(S),
getprfient(S),
getprdfent(S),
integrity(ADM),
prpw(F),
subsystems(S)
``Maintaining system security'' in the System Administration Guide
Standards conformance
authck is not part of any currently supported standard; it
is an extension of AT&T System V provided by The Santa
Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003