default man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

default(4)							    default(4)

NAME
       default - System default database file (Enhanced Security)

DESCRIPTION
       The  system  default  database is unique in that it defines system-wide
       global values. It is designed to provide values for users  and  devices
       at a global level so that an administrator is not required to replicate
       values in user or device databases when they are all the same. In addi‐
       tion  to	 being easier to specify global values, it is also much easier
       to make a global system change if necessary.

       The system default database contains four types of values:  System-wide
       values  that do not have corresponding specifications in any other sys‐
       tem database. If a system-wide value is not specified  in  the  default
       database, then it is undefined.	User values, which are typically spec‐
       ified in a protected password database file.  Terminal control  values,
       which  are  typically specified in the terminal control, database file.
       Device assignment values, which are typically specified in  the	device
       assignment database file.

       The  field  names for each value type begin with an identifying prefix.
       The following list of prefixes  also  lists  the	 reference  page  that
       explains	 the associated database: Defaults database field.  (this ref‐
       erence page) Terminal  control  database	 field.	  (ttys(4))  Protected
       password	 database  field.   (prpasswd(4))  Device  assignment database
       field.  (devassign(4))

       System default parameters can be specified for fields found in the pro‐
       tected  password,  terminal  control,  and device assignment databases.
       When a specific entry is retrieved  from	 one  of  these	 databases,  a
       structure  called  ufld	that  contains all of the explicitly specified
       values is provided to the caller. A second structure, called  sfld,  is
       also provided; it defines those values supplied from the system default
       database.

       Each of these structures has a corresponding flag structure called uflg
       and  sflg  respectively	that  indicates which fields in each structure
       have been specified and are valid for use. Programs honor the user-spe‐
       cific  or device-specific value if one is provided. Otherwise, programs
       use the system default value if one  has	 been  specified.  If  neither
       value  is  specified, the program may supply a reasonable default value
       or abort.

       The following fields are defined only in the defaults database:

       This field contains the value, measured in  seconds,  used  to  control
       whether	a  password  expiration warning is given at login time. If the
       password expiration time contained in  the  user's  protected  password
       database	 file  falls within this time interval (measured from the cur‐
       rent system time), a warning is given.  This field  is  a  string  that
       specifies the full path name of the program or script to call for site-
       specific security policy conformance decisions.	 This  field  contains
       the  name  which	 is  set  by default to the string default.  This flag
       field is not currently used.  This flag is for MLS+ compatibility only.
       It's  ignored in Tru64 UNIX Version 5.1B.  This field is an ASCII iden‐
       tifier of the security class supported by the system and	 is  used  for
       informational  purposes	only.  The choices include a1, b1, b2, b3, c1,
       c2, and d.  A boolean expression indicating that the  password  set  by
       the  administrator  should be set to expire immediately. This flag con‐
       trols whether auto-migration requires a password change at the time  it
       creates	the account, or whether it assumes the password was set at the
       present time.  It also controls the  forced-expiration-required	action
       of  dxchpwd when an administrator changes a user's password.  A boolean
       expression indicating that the ttys  database  is  not  updated	during
       logins.	 This  flag  (if  set  in the system defaults database) causes
       login attempts (successful or not) to skip updating the ttys  database.
       This  speeds up logins at the expense of not doing break-in evasion.  A
       boolean expression that causes a new extended profile to be created  if
       no  extended profile exists, but there is a valid base profile. If this
       flag (in the system defaults database) is set, and a user  attempts  to
       log  in	with  no extended profile, but the user does have a legitimate
       BSD-style profile, an extended profile is created for  that  user  (all
       defaults,  except where specific information is required, like username
       and UID).  A numeric value is  seconds  indicating  how	far  into  the
       future	a   user-initiated   vacation  can  be	scheduled.  If	either
       d_max_vacation_future or d_max_vacation_duration is zero, no  user-ini‐
       tiated  use of the vacationing feature is possible.  This field (in the
       system defaults database) are zero (implicitly) as shipped.  A  numeric
       value  is  seconds indicating how long a user-initiated scheduled vaca‐
       tion can last. If either d_max_vacation_future or  d_max_vacation_dura‐
       tion  is zero, no user-initiated use of the vacationing feature is pos‐
       sible.  This field (in the system defaults database) are zero  (implic‐
       itly)  as  shipped.  A boolean expression that SIA vouching is accepted
       from other authentication mechanisms. If this field is set (in the sys‐
       tem  defaults  database),  then	other  C2 mechanisms will not demand a
       password of their own, if another preceding SIA mechanism  has  already
       validated  the user.  (This is in support of mixing DCE+C2.)  This does
       mean that the C2 password controls do not mean much (if anything)  when
       DCE is up and in use, but is under admin control, and defaults off.  It
       can also be desirable to set this if using S/Key or smartcard support.

EXAMPLES
       The following example is a typical system default database:

       default:\
	       :d_name=default:\
	       :d_secclass=c2:\
	       :d_boot_authenticate@:\
	       :d_audit_enable@:\
	       :d_pw_expire_warning#3456000:\
	       :u_pwd=*:\
	       :u_minchg#0:u_maxlen#10:u_exp#15724800:u_life#31449600:\
	       :u_pickpw:u_genpwd:u_restrict@:u_nullpw@:\
	       :u_genchars:u_genletters:\
	       :u_maxtries#5:u_lock:\
	       :t_logdelay#2:t_maxtries#10:\
	       :chkent:

FILES
       Specifies the pathname of the file.

SEE ALSO
       Functions: getprdfent(3)

       Files: authcap(4), devassign(4), prpasswd(4), ttys(4)

								    default(4)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net