Under HP-UX and Tru64, the enhanced security facility provides a mechanism for specifying several security-related terminal line attributes. Default values applying to all terminals without explicitly set overrides are found in the t_ fields of the default file, stored in /etc/auth/system under Tru64 and /tcb/files/auth/system under HP-UX. Here is an example from a Tru64 system: default:\ :d_name=default:\ ... :t_logdelay#2:t_maxtries#10:t_unlock#0:\ :t_login_timeout#15:chkent: These are the settable terminal line attribute fields, which may be used in the default file and in the ttys file; the latter contains entries for each terminal line on the system and is located in /etc/auth/system under Tru64 (in binary form, as ttys.db) and in /tcb/files/auth/system under HP-UX:
Here is an example ttys entry: tty02:t_devname=tty02:t_uid=root:t_logtime#791659419:\ :t_unsucuid=wang:t_unsuctime#793396080:t_prevuid=chavez:\ :t_prevtime#791659434:t_failures#4:t_maxtries#8:t_logdelay#5:\ :t_login_timeout#20:chkent: In addition to the specific security attributes, the entry also holds information about recent login activity on that terminal line: the UID and time of the most recent successful login, last unsuccessful login attempt, and most recent logout from this terminal; and the number of consecutive login failures (this is reset to 0 after a successful login). See the ttys manual page for details on all terminal line-related attributes. In addition, the v_users attribute in the devassign file can specify a comma-separated list of users who may access each device on the system; see the devassign manual page for more information. |