Manual page for shadow(4)
shadow - shadow password file
DESCRIPTION
/etc/shadow
is an access-restricted ASCII system file that
stores users' encrypted passwords and related information.
The shadow file can be used in conjunction with other
shadow sources, including the
NIS
maps
passwd.byname
and
passwd.byuid
and the NIS+ table
passwd.
Programs use the
getspnam.3c
routines to access this information.
The fields for each user entry are separated by colons.
Each user is separated from the next by a newline.
Unlike the /etc/passwd file, /etc/shadow does
not have general read permission.
Each entry in the shadow file has the form:
username:password:lastchg:min:max:warn:inactive:expire:flag
The fields are defined as follows:
- username
-
The user's login name (UID).
- password
-
A 13-character encrypted password for the user, a lock string
to indicate that the login is not accessible, or no string, which shows
that there is no password for the login.
- lastchg
-
The number of days between January 1, 1970, and the date that the
password was last modified.
- min
-
The minimum number of days required between password changes.
- max
-
The maximum number of days the password is valid.
- warn
-
The number of days before password expires that the user is warned.
- inactive
-
The number of days of inactivity allowed for that user.
- expire
-
An absolute date specifying when the login may no longer be used.
- flag
-
Reserved for future use, set to zero.
Currently not used.
The encrypted password consists of 13 characters chosen
from a 64-character alphabet
(., /,
0-9, A-Z, a-z).
To update this file, use the
passwd.1
useradd.1m
usermod.1m
or
userdel.1m
commands.
In order to make system administration manageable,
/etc/shadow
entries
should appear in exactly the same order as
/etc/passwd
entries; this
includes ``+'' and ``-'' entries if the
compat
source is being used (see
nsswitch.conf.4
FILES
- /etc/shadow
-
shadow password file
- /etc/passwd
-
password file
- /etc/nsswitch.conf
-
name-service switch configuration file
SEE ALSO
login.1
passwd.1
useradd.1m
usermod.1m
userdel.1m
putspent.3c
getspnam.3c
nsswitch.conf.4
passwd.4
NOTES
If password aging is turned on in any name service
the passwd: line in the
/etc/nsswitch.conf
file must have a format specified in the
nsswitch.conf.4
man page.
If the
/etc/nsswitch.conf
passwd policy
is not in one of the supported formats,
logins will not be allowed upon
password expiration because the software does not know how to handle
password updates under these conditions.
See
nsswitch.conf.4
for additional information.
Created by unroff & hp-tools.
© somebody (See intro for details). All Rights Reserved.
Last modified 11/5/97