Microprocessor-efficient user ID administration with the mkpasswd command

Edit online

To improve login response time and conserve microprocessor time in systems with many users, the operating system can use a indexed version of the /etc/passwd file to look up user IDs. When this facility is used, the /etc/passwd file still exists, but is not used in normal processing.

The indexed versions of the file are built by the mkpasswd command. If the indexed versions are not current, login processing reverts to a slow, microprocessor-intensive sequential search through /etc/passwd.

The command to create indexed password files is mkpasswd -f. This command creates indexed versions of /etc/passwd, /etc/security/passwd, and /etc/security/lastlog. The files created are /etc/passwd.nm.idx, /etc/passwd.id.idx, /etc/security/passwd.idx, and /etc/security/lastlog.idx. Note that this will greatly enhance performance of applications that also need the encrypted password (such as login and any other program that needs to do password authentication).

Applications can also be changed to use alternative routines such as _getpwent() instead of getpwent(), _getpwnam_shadow(name,0) instead of getpwnam(name), or _getpwuid_shadow(uid,0) instead of getpwuid(uid) to do name/ID resolution in cases where the encrypted password is not needed. This prevents a lookup of /etc/security/passwd.

Do not edit the password files by hand because the time stamps of the database files (.idx) will not be in sync and the default lookup method (linear) will be used. If the passwd, mkuser, chuser, rmuser commands (or the SMIT command equivalents, with fast paths of the same name) are used to administer user IDs, the indexed files are kept up to date automatically. If the /etc/passwd file is changed with an editor or with the pwdadm command, the index files must be rebuilt.

Note: The mkpasswd command does not affect NIS, DCE, or LDAP user databases.