Definition Type: Element
Name: shadow_test
Namespace: http://oval.mitre.org/XMLSchema/oval#hpux
Type: oval:standardTestType
Containing Schema: hpux-schema.xsd
Abstract
Documentation:
This test allows you to check information from the /etc/shadow file for a specific user. This file contains a user's password, but also their password aging and lockout information.
Background: Unix systems are generally configured to only allow a given password to last for a fixed period of time. When this time, the chg_req parameter, is near running out, the system begins warning the user at each login. How soon before the expiration the user receives these warnings is specified in exp_warn. The only hiccup in this design is that a user may not log in in time to ever receive a warning before account expiration. The exp_inact parameter gives the sysadmin flexibility so that a user who reaches the end of their expiration time gains exp_inact more days to log in and change their password manually.
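The aging rules from the Background text above, applied to shadow-format lines and reported under the element names this schema defines. This is an added example, not part of the OVAL schema or its tooling; it assumes the nine colon-separated fields appear in the same order as the schema's elements and treats boundary days inclusively, and the sample entries, audit date and function names are constructed.

```python
from datetime import date, timedelta

# Colon-separated field order of an entry, named after the schema's elements.
FIELDS = ("username", "password", "chg_lst", "chg_allow", "chg_req",
          "exp_warn", "exp_inact", "exp_date", "flag")
EPOCH = date(1970, 1, 1)

# Constructed sample entries (the password field is a placeholder, not a hash).
SAMPLE = """\
alice:x:19150:7:90:14:30::
bob:x:19120:7:90:14:30::
carol:x:19100:7:90:14:30::
dave:x:19000:7:90:14:30::
svc:x:19000::::::
"""
TODAY = EPOCH + timedelta(days=19200)  # constructed audit date

def parse_shadow_line(line):
    """Split one entry into a dict keyed by the schema's element names."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def days_or_none(value):
    """Aging fields may be empty, meaning the control is not set."""
    return int(value) if value.strip() else None

def aging_state(entry, today):
    """Return ok, warning, expired, locked or no_aging for one parsed entry."""
    now = (today - EPOCH).days
    chg_lst, chg_req = days_or_none(entry["chg_lst"]), days_or_none(entry["chg_req"])
    if chg_lst is None or chg_req is None:
        return "no_aging"                      # no maximum password age set
    expires = chg_lst + chg_req                # day the password runs out
    exp_warn = days_or_none(entry["exp_warn"]) or 0
    exp_inact = days_or_none(entry["exp_inact"])
    if now >= expires:
        if exp_inact is not None and now >= expires + exp_inact:
            return "locked"                    # exp_inact grace days used up
        return "expired"                       # still inside the grace window
    return "warning" if now >= expires - exp_warn else "ok"

def audit(text, today):
    """Map each username in shadow-format text to its aging state."""
    entries = (parse_shadow_line(l) for l in text.splitlines() if l.strip())
    return {e["username"]: aging_state(e, today) for e in entries}
```

Accounts reported as no_aging have no chg_req value, so their passwords never expire; those are usually the entries an audit wants to review first.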
XSD Schema Code:
<xsd:element name="shadow_test" substitutionGroup="oval:test">
    <xsd:annotation>
        <xsd:documentation>This test allows you to check information from the /etc/shadow file for a specific user.  This file contains a user's password, but also their password aging and lockout information.</xsd:documentation>
        <xsd:documentation>Background: Unix systems are generally configured to only allow a given password to last for a fixed period of time.  When this time, the chg_req parameter, is near running out, the system begins warning the user at each login.  How soon before the expiration the user receives these warnings is specified in exp_warn.  The only hiccup in this design is that a user may not login in time to ever receive a warning before account expiration.  The exp_inact parameter gives the sysadmin flexibility so that a user who reaches the end of their expiration time gains exp_inact more days to login and change their password manually.</xsd:documentation>
        <xsd:appinfo>
            <test_name>Shadow Test</test_name>
            <extends>standardTestType</extends>
            <valid_sections>notes, object, data</valid_sections>
            <example />
        </xsd:appinfo>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval:standardTestType">
                <xsd:sequence>
                    <xsd:element name="object" minOccurs="1" maxOccurs="1">
                        <xsd:complexType>
                            <xsd:complexContent>
                                <xsd:extension base="oval:objectType">
                                    <xsd:sequence>
                                        <xsd:element name="username" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This is the name of the user being checked.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                    </xsd:sequence>
                                </xsd:extension>
                            </xsd:complexContent>
                        </xsd:complexType>
                    </xsd:element>
                    <xsd:element name="data" minOccurs="0" maxOccurs="1">
                        <xsd:complexType>
                            <xsd:complexContent>
                                <xsd:extension base="oval:dataType">
                                    <xsd:sequence>
                                        <xsd:element name="password" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This is the encrypted version of the user's password.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="chg_lst" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This is the date of the last password change in days since 1/1/1970.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="chg_allow" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This specifies the minimum period in days that must expire before the password can be changed.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="chg_req" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This describes how long a user can keep a password before the system forces user to change it.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="exp_warn" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>The number of days the user is warned before his password expires.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="exp_inact" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This describes how many days of account inactivity the system will wait after a password expires before locking the account.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="exp_date" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This specifies in days since 1/1/1970 when the account's password will expire.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="flag" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>This is a reserved field that the shadow file may use in the future.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Shadow Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal, pattern match</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                    </xsd:sequence>
                                </xsd:extension>
                            </xsd:complexContent>
                        </xsd:complexType>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
Child Elements:
Name    Type         Min Occurs  Max Occurs
notes   oval:notes   0           1
object  hpux:object  1           1
data    hpux:data    0           1
Child Attributes:
Name     Type          Default Value  Use
id       oval:id                      Required
comment  oval:comment                 Required
check    oval:check    all            Optional
References:
oval:test