Verifies the correctness of local authentication information.
pwdck { -p | -n | -t | -y } { ALL | User ... }
The pwdck command verifies the correctness of the password information in the user database files by checking the definitions for ALL the users or for the users specified by the User parameter. If more than one user is specified, there must be a space between the names.
Note: This command writes its messages to stderr.
You must select a flag to indicate whether the system should try to fix erroneous attributes. The following attributes are checked for locally defined users in the /etc/passwd file:
Attributes checked in the /etc/security/passwd file are:
Attributes checked in the /etc/security/user file are:
-n | Reports errors but does not fix them. |
-p | Fixes errors but does not report them. |
-t | Reports errors and asks if they should be fixed. |
-y | Fixes errors and reports them. |
Access Control: This command should grant execute (x) access to the root user and members of the security group. The command should be setuid to the root user, to read and write the authentication information, and have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
rw | /etc/passwd |
r | /etc/security/user |
rw | /etc/security/passwd |
r | /etc/security/login.cfg |
Auditing Events:
Event | Information |
---|---|
PASSWORD_Check | user, error/fix, status |
PASSWORD_Ckerr | file/user, error, status |
/usr/bin/pwdck | Contains the pwdck command. |
/etc/passwd | Contains the basic user attributes. |
/etc/security/passwd | Contains actual passwords and security information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/login.cfg | Contains configuration information and password restrictions. |
The grpck command, mkpasswd command, sysck command, usrck command.
Standalone System Security in AIX 5L Version 5.2 Security Guide describes the identification and authentication of users, discretionary access control, the trusted computing base, and auditing.