4.3.3.1 Text Authentication Database

A text authentication database consists of one or two flat text files — a password file, which contains user passwords, and a group file, which contains user groups. The latter is optional. Both files have the same format:

• Empty lines are ignored.
• Any text from ‘#’ to the end of the line is ignored.
• Non-empty lines consist of two fields, separated by any amount of white space. The first field is the user name. It serves as a search key in the database. The second field is the requested resource.

Record keys in a password file must be unique, i.e. no two records may contain the same first field. The group file may contain multiple records with the same key. For example:

$ grep smith pass
smith guessme
$ grep smith group
smith user
smith timing
smith tester

This means that user ‘smith’ has password ‘guessme’ and is a member of three groups: ‘user’, ‘timing’ and ‘tester’.

A URL of a text database begins with ‘text’ and contains only the path element, which gives the name of the directory where the database files reside. The name of a password file is given by the password-resource statement. The name of a group file is given by the group-resource statement.

For example, if user passwords are kept in the file passwd, user groups are kept in the file user, and both files reside in /var/db/dico directory, then the appropriate database configuration will be:

user-db text:///var/db/dico {
  password-resource passwd;
  group-resource group;
}