default(4) — File Formats
NAME
default − System default database file (Enhanced Security)
DESCRIPTION
The system default database is unique in that it defines system-wide global values. It is designed to provide values for users and devices at a global level so that an administrator is not required to replicate values in user or device databases when they are all the same. Besides making global values easier to specify, this also makes a global system change much easier if one is necessary.
The system default database contains four types of values:
system-wide
System-wide values that do not have corresponding specifications in any other system database. If a system-wide value is not specified in the default database, then it is undefined.
user
User values, which are typically specified in a protected password database file.
terminal
Terminal control values, which are typically specified in the terminal control database file.
device assignment
Device assignment values, which are typically specified in the device assignment database file.
The field names for each value type begin with an identifying prefix. The following list of prefixes also lists the reference page that explains the associated database:
d_ Defaults database field. (this reference page)
t_ Terminal control database field. (ttys(4))
u_ Protected password database field. (prpasswd(4))
v_ Device assignment database field. (devassign(4))
System default parameters can be specified for fields found in the protected password, terminal control, and device assignment databases. When a specific entry is retrieved from one of these databases, a structure called ufld that contains all of the explicitly specified values is provided to the caller. A second structure, called sfld, is also provided; it defines those values supplied from the system default database.
Each of these structures has a corresponding flag structure called uflg and sflg respectively that indicates which fields in each structure have been specified and are valid for use. Programs honor the user-specific or device-specific value if one is provided. Otherwise, programs use the system default value if one has been specified. If neither value is specified, the program may supply a reasonable default value or abort.
The following fields are defined only in the defaults database:
d_pw_expire_warning
This field contains the value, measured in seconds, used to control whether a password expiration warning is given at login time. If the password expiration time contained in the user’s protected password database file falls within this time interval (measured from the current system time), a warning is given.
d_pw_site_callout
This field is a string that specifies the full path name of the program or script to call for site-specific security policy conformance decisions.
d_name
This field contains the name which is set by default to the string default.
d_boot_authenticate
This flag field is not currently used.
d_secclass
This field is an ASCII identifier of the security class supported by the system and is used for informational purposes only. The choices include a1, b1, b2, b3, c1, c2, and d.
EXAMPLES
The following example is a typical system default database:
default:\
:d_name=default:\
:d_secclass=c2:\
:d_boot_authenticate@:\
:d_audit_enable@:\
:d_pw_expire_warning#3456000:\
:u_pwd=*:\
:u_minchg#0:u_maxlen#10:u_exp#15724800:u_life#31449600:\
:u_pickpw:u_genpwd:u_restrict@:u_nullpw@:\
:u_genchars:u_genletters:\
:u_maxtries#5:u_lock:\
:t_logdelay#2:t_maxtries#10:\
:chkent:
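The lookup order described in DESCRIPTION (entry-specific value, then system default, then a program-supplied fallback) can be checked against the entry above with the following added example, which is not part of the original reference page and does not use getprdfent(3). The per-user entry "jdoe", the function names, decimal-only numbers and the absence of escaped colons in string values are assumptions of the example.

```python
import re

# Entry from EXAMPLES, plus a constructed per-user entry ("jdoe" is hypothetical).
DEFAULT_ENTRY = r"""default:\
        :d_name=default:\
        :d_secclass=c2:\
        :d_boot_authenticate@:\
        :d_audit_enable@:\
        :d_pw_expire_warning#3456000:\
        :u_pwd=*:\
        :u_minchg#0:u_maxlen#10:u_exp#15724800:u_life#31449600:\
        :u_pickpw:u_genpwd:u_restrict@:u_nullpw@:\
        :u_genchars:u_genletters:\
        :u_maxtries#5:u_lock:\
        :t_logdelay#2:t_maxtries#10:\
        :chkent:"""
USER_ENTRY = r"jdoe:u_name=jdoe:u_maxtries#3:u_lock@:chkent:"


def parse_entry(text):
    """Return (entry_name, {field: value}); assumes decimal numbers, no escaped ':'."""
    joined = "".join(line.strip().rstrip("\\") for line in text.splitlines())
    # chkent is the end-of-entry marker, not a value, so it is dropped here.
    name, *caps = [c for c in joined.split(":") if c and c != "chkent"]
    fields = {}
    for cap in caps:
        key, op, val = re.fullmatch(r"(\w+)([#=@]?)(.*)", cap).groups()
        if op == "#":
            fields[key] = int(val)     # numeric field
        elif op == "=":
            fields[key] = val          # string field
        else:
            fields[key] = op != "@"    # bare name = true, name@ = false
    return name, fields


def effective(field, specific, defaults, fallback=None):
    """Entry-specific value first, then the system default, then the fallback."""
    for source, table in (("entry", specific), ("system default", defaults)):
        if field in table:             # membership plays the role of uflg/sflg
            return table[field], source
    return fallback, "program fallback"


if __name__ == "__main__":
    sysdef, user = parse_entry(DEFAULT_ENTRY)[1], parse_entry(USER_ENTRY)[1]
    for f in ("u_maxtries", "u_lock", "u_exp", "d_pw_site_callout"):
        print(f, *effective(f, user, sysdef))
```

An explicit false value such as u_lock@ in the per-user entry counts as specified and therefore overrides the default, which is why a separate "is set" flag is needed alongside each value.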
FILES
/etc/auth/system/default
Specifies the pathname of the file.
RELATED INFORMATION
Functions: getprdfent(3)
Files: authcap(4), devassign(4), prpasswd(4), ttys(4)