*******************************************************************************
*
* Valid port attributes:
*
* herald	Specifies the initial message to be printed out when getty or
*		login prompts for a login name.  This value is a string that is
*		written out to the login port.  If the herald is not specified
*		for a port or in the default stanza, then the default herald is
*		gotten from the message catalog associated with the language
*		set in /etc/environment.
*
* logindelay	The delay (in seconds) between unsuccessful login attempts.
*		This delay is multiplied by the number of unsuccessful logins -
*		i.e. if the value is 2, then the delay between unsuccessful
*		logins will be 2 seconds, then 4 seconds, then 6 seconds, etc.
*		Set this attribute to 0 to disable this feature.
*
* logindisable	The number of unsuccessful login attempts before this port is
*		locked.  Used in conjunction with logininterval.  Set this
*		attribute to 0 to disable this feature.
*
* logininterval	The number of seconds during which logindisable unsuccessful
*		login attempts must occur for a port to be locked.
*
* loginreenable	The number of minutes after a port is locked that it will be
*		automatically unlocked.  Setting this attribute to 0 will cause
*		the port to remain locked until the administrator unlocks it.
*
* logintimes	Defines the times a user can use this port to login.  The value
*		is a comma separated list of items as follows:
*			[!][MMdd[-MMdd]]:hhmm-hhmm
*				or
*			[!]MMdd[-MMdd][:hhmm-hhmm]
*				or
*			[!][w[-w]]:hhmm-hhmm
*				or
*			[!]w[-w][:hhmm-hhmm]
*		where MM is a month number (00=January, 11=December), dd is
*		the day of the month, hh is the hour of the day (00 - 23), mm
*		is the minute of the hour, and w is a weekday (0=Sunday, 6=
*		Saturday).
*
* pwdprompt	Defines the password prompt message printed when requesting
*		password input.  The value is a character string.  Format 
*		specifiers will not be interpreted.  If the pwdprompt is
*		not specified for a port or in the default stanza, then the
*		default prompt will be pulled from the message catalog
*		associated with the language set in /etc/environment.
*
* sak_enabled	Defines whether users are allowed to access the trusted path
*		through this port through the use of the secure attention key
*		sequence (ctrl-x ctrl-r).  Possible values: true or false
*
* synonym	Defines the set of ports which are synonyms for the given port;
*		the ownership and permissions of these ports are set along with
*		the given port's ownership and permissions (and sak_enabled is
*		interpreted to be the same for the given port and all of its
*		synonyms).  This is mainly used for specifying that
*		/dev/console and /dev/tty0 (for example) are synonyms since
*		/dev/tty0 is the system console in this example.  The value is
*		a comma separated list of pathnames to device special files.
*
* usernameecho	Defines whether the user name should be echoed on a port.
*		Possible values: true or false 
*
*		true	User name echo is enabled.  This is the default.
*		false	User name echo is disabled.  The user name will
*			not be echoed at the login prompt and will be
*			masked out of security related messages.
*
* The default stanza contains the default values used if no stanza appears for
* a given port.
*
*******************************************************************************

default:
	sak_enabled = false
	logintimes = 
	logindisable = 0
	logininterval = 0
	loginreenable = 0
	logindelay = 0

*/dev/console:
*	synonym = /dev/tty0

*******************************************************************************
* auth_method is no longer used.
* Security methods should be configured in /usr/lib/security/methods.cfg
*******************************************************************************

*******************************************************************************
*
* Other security attributes (usw stanza):
*
* shells	The list of valid login shells for a user; chuser and chsh will
*		only change a user's login shell to one of the shells listed
*		here.
*
* maxlogins	The maximum number of simultaneous logins allowed on the
*		system.
*
* logintimeout	The number of seconds the user is given to enter their
*		password.
*
* auth_type     Determines whether PAM or the standard UNIX authentication
*		mechanism will be used by PAM-aware applications.
*		Valid values: STD_AUTH, PAM_AUTH
*
*******************************************************************************

usw:
	shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd
	maxlogins = 32767
	logintimeout = 60
	auth_type = PAM_AUTH