prpasswdd(8)prpasswdd(8)NAMEprpasswdd - Enhanced security daemon
SYNOPSIS
/usr/sbin/prpasswdd [-lifetime secs] [-reply_lifetime secs] [-depth n]
[-debug]
OPTIONS
Enables request logging by the auth facility in syslog. This should
only be used for debugging, because the volume of logged data can be
considerable. Limits the number of remembered entries kept cached in
memory (for speed). The default depth is unlimited. Limits the amount
of time (in seconds) that remembered entries are kept cached in memory.
The default lifetime is 1 hour (3600 seconds). Limits the amount of
time (in seconds) that client transactions are remembered for fast RPC
replies. The default reply lifetime is 6 minutes (360 seconds), which
allows for minimum of 5 minutes built into the client library code
before timing out a given transaction request.
DESCRIPTION
The enhanced security daemon, prpasswdd, manages writes to the pro‐
tected password authentication database, as well as the other enhanced
security databases. It prevents file lock contention among multiple
writers. A strict C2 security policy, which is optionally configurable
using enhanced security, requires each user login or login failure to
be recorded in the protected password authentication database. These
updates, in combination with password changes and system administration
functions affecting user accounts, are coordinated by the daemon.
Clients communicate with the daemon using rpc. Two daemon processes, a
parent and a child, exist on a system running enhanced security. The
daemon is controlled from /sbin/init.d/prpasswd, which accepts the
start, stop, and restart commands. The active daemon is the child
process, which writes its PID to the /var/run/prpasswdd.pid file.
The daemon services requests from the localhost address (127.0.0.1),
or, for TruCluster Server V5.0 systems, from the default cluster alias
address. Requests from other addresses or from non-privileged ports
are rejected.
Note
The prpasswdd daemon is not required for proper functioning of the sys‐
tem or cluster; it was added to improve performance on systems and
clusters with high login rates. If this enhancement is not needed,
specify the following command on every node in a cluster to stop the
prpasswdd daemon: # /sbin/init.d/prpasswd stop
Also specify the following command once in the cluster to prevent
prpasswdd from restarting on reboot: # /usr/sbin/rcmgr -c set PRPASS‐
WDD_ARGS '-disable'
FILES
/tcb/files/auth.db
/var/tcb/files/auth.db
/etc/auth/system/default
/etc/auth/system/devassign
/etc/auth/system/files
/etc/auth/system/ttys.db
SEE ALSO
Commands: login(1), dxaccounts(8), edauth(8), useradd(8)
Functions: putespwnam(3), putestcnam(3), putesdfnam(3), putesdvnam(3),
putesfinam(3)
Files: authcap(4), default(4), devassign(4), files(4), prpasswd(4),
ttys(4)prpasswdd(8)