default(F)

default -- system default database file

Format

Description

The default file (/etc/auth/system/default) allows an administrator to define and change system-wide parameter values globally for users and devices.

Changes to this file are normally made by selecting the System Defaults Manager.

default contains three types of parameters:

System wide parameters which do not appear in any other system database. A system wide parameter not specified in default database is undefined.
User parameters which are typically specified in a protected password database file (see prpw(F)).
Terminal control parameters which are typically specified in the terminal control database file (see ttys(F)).

System default parameters may be specified for fields found in the protected password (prpw) and terminal control (ttys) databases. Trusted programs honor the values from the prpw and ttys databases first if provided. Otherwise, the program may choose to use the system default value if one has been specified. If neither value is specified, the program may supply a reasonable default value or abort.

For descriptions of the specific fields provided by the protected password and terminal control databases, see the prpw(F) and ttys(F) manual pages.

The following fields are unique to the system default database and should not be specified in any of the other system databases:

u_integrity: Indicates whether inconsistencies between data held in the passwd file and the prpw database will cause a failure, or be silently ignored.
d_name: Set to the string ``default''.
u_pwseg: Contains a value determining how many segments, each equivalent to 8 characters of clear text, are significant when validating passwords.
u_secclass: Identifies the security class supported by the system. Used for informational purposes only. Possible values are a1, b1, b2, b3, c1, c2, and d.
u_singleuserpswd: Indicates whether the root password is required to enter system maintenance mode.
u_tcbpw: Indicates whether the prpw database or the passwd file should be used when there are inconsistencies between them.

Examples

The following is an example of a typical system default database:

   default:\
   	:d_name=default:\
   	:u_pwd=*:\
   	:u_priority#0:\
   	:u_cmdpriv=audittrail,su,queryspace,printqueue:\
   	:u_syspriv=execsuid,nopromain,chmodsugid,chown:\
   	:u_minchg#0:u_maxlen#10:\
   	:u_exp#3628800:u_life#15768000:\
   	:u_pickpw:u_genpwd:u_restrict@:u_nullpw@:\
   	:u_suclog#0:u_unsuclog#0:u_maxtries#5:u_lock:\
   	:u_singleuserpswd:u_secclass=c2:\
   	:u_integrity:u_tcbpw:u_pwseg#10:\
   	:t_logdelay#2:t_maxtries#9:t_login_timeout#40:\
   	:chkent:

This system default database defines the three different types of values which are supported. The following values are assigned on a system-wide only basis:

The root password must be supplied to enter system maintenance mode (u_singleuserpswd).
The system security class is defined as c2 (u_secclass=c2).
Inconsistencies in data held about a user in the passwd and prpw files will cause operations such as login to fail (u_integrity).
When information about a user in passwd and prpw differs, the prpw information will be assumed to be correct (u_tcbpw).
Lastly, up to 80 characters of clear text are significant in password comparisons (u_pwseg#10).

This database also defines protected password and terminal control database default values. Fields beginning with u_ correspond to protected password fields. Similarly, fields starting with the t_ prefix are terminal control database fields. The three field types are used to supply system-wide default values if a user or terminal specific value is not supplied by the corresponding database. See the prpw(F) and ttys(F) manual pages for these databases for a complete description of the applicable fields.

Files

/etc/auth/system/default: system default database

Standards conformance