Organizes the basic user database for efficient searches.
mkpasswd [ -v ] { -f | -d | -c} |indexname
The mkpasswd generates indexes over certain security files. These indexes are used by the getpwnam, getpwuid, getuserattr, and putuserattr library subroutines.
This approach significantly enhances performance for large user base systems. The following indexes, defined in /usr/include/usersec.h, are created:
/etc/passwd.nm.idx: | Index over /etc/passwd file using username as key. |
/etc/passwd.id.idx: | Index over /etc/passwd file using userid number as key. |
/etc/security/passwd.idx: | Index over /etc/security/passwd file. |
/etc/security/lastlog.idx: | Index over /etc/security/lastlog file. |
Notes:
- Modifying the security files over which indexes are built by an editor disables the use of indexing mechanism.
- Indexed read of a data file is automatically done if a corresponding index exists over the file and is not older than it (except for lastlog index) .
- In order for indexed mechanism to be used at login, the mkpasswd command must have generated indexes.
- The indexing mechanism replaces the previous hashing mechanism which used dbm files.
Access Control: Only the root user and members of the security group should have execute (x) access to this command. The command should be setuid to the root user so the command has access to the user database. Members of the security group should have access to all the files listed in the Files section. This command should have the trusted computing base attribute.
Files Accessed:
mkpasswd -f
mkpasswd /etc/security/passwd.idx
mkpasswd -c
/usr/sbin/mkpasswd | Contains the mkpasswd command. |
/etc/passwd | Contains basic user attributes. |
/etc/security/passwd | Contains user password attributes |
/etc/security/lastlog | Contains lastlog related attributes |
The passwd command, pwdadm command mkuser command chuser command rmusers command.
The getpwnam subroutine, getpwuid subroutine, getuserattr subroutine, putuserattr subroutine.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to the AIX 5L Version 5.2 Security Guide.