shadow(4) manual page
shadow - shadow password file
/etc/shadow is an access-restricted ASCII system file that stores users’ encrypted passwords and related information.
The shadow file can be used in conjunction with other shadow sources, including the NIS maps passwd.byname and passwd.byuid and the NIS+ table passwd.
Programs use the getspnam(3C) routines to access this information.
The fields for each user entry are separated by colons. Each user is separated from the next by a newline. Unlike the /etc/passwd file, /etc/shadow does not have general read permission.
Each entry in the shadow file has the form:
- username:password:lastchg:min:max:warn:inactive:expire:flag
The fields are defined as follows:
- username
- The user’s login name (UID).
- password
- A 13-character encrypted password for the user, a lock string to indicate that the login is not accessible, or no string, which shows that there is no password for the login.
- lastchg
- The number of days between January 1, 1970, and the date that the password was last modified.
- min
- The minimum number of days required between password changes.
- max
- The maximum number of days the password is valid.
- warn
- The number of days before the password expires that the user is warned.
- inactive
- The number of days of inactivity allowed for that user.
- expire
- An absolute date specifying when the login may no longer be used.
- flag
- Reserved for future use, set to zero. Currently not used.
The encrypted password consists of 13 characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z). To update this file, use the passwd(1), useradd(1M), usermod(1M), or userdel(1M) commands.
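The entry format above, as an added Python example that is not part of the manual page: it parses nine-field entries, classifies the password field into the three cases the page lists, and derives the last day a password is valid from lastchg and max. The sample entries (including the `*LK*` lock string) are constructed, and treating every non-empty password that is not 13 characters from the listed alphabet as a lock string is an assumption.

```python
import re
from datetime import date, timedelta

FIELDS = ("username", "password", "lastchg", "min", "max",
          "warn", "inactive", "expire", "flag")
# 13 characters from the 64-character alphabet the page lists: . / 0-9 A-Z a-z
HASH_RE = re.compile(r"[./0-9A-Za-z]{13}")
EPOCH = date(1970, 1, 1)

def parse_entry(line):
    """Split one entry into a dict keyed by the nine field names."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for name in ("lastchg", "min", "max", "warn", "inactive"):
        entry[name] = int(entry[name]) if entry[name] else None
    return entry

def password_state(entry):
    """Classify the password field into the three cases the page describes."""
    pw = entry["password"]
    if pw == "":
        return "no-password"      # login has no password at all
    if HASH_RE.fullmatch(pw):
        return "encrypted"
    return "locked"               # assumption: anything else is a lock string

def valid_until(entry):
    """lastchg + max days after January 1, 1970, or None if either is unset."""
    if entry["lastchg"] is None or entry["max"] is None:
        return None
    return EPOCH + timedelta(days=entry["lastchg"] + entry["max"])

def audit(lines):
    """Return (username, state, valid_until) per entry; skip compat +/- lines."""
    report = []
    for line in lines:
        if not line.strip() or line[0] in "+-":
            continue
        e = parse_entry(line)
        report.append((e["username"], password_state(e), valid_until(e)))
    return report

# Constructed sample entries, not taken from any real system.
SAMPLE = ["root:ab01CDefGh2Ij:19000:7:90:14:::", "daemon:*LK*:::::::",
          "guest::19000::::::", "+"]

if __name__ == "__main__":
    for user, state, until in audit(SAMPLE):
        print(f"{user:8} {state:12} valid until {until}")
```

Entries reported as `no-password` are the ones to review first, since the page defines an empty password field as a login with no password.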
In order to make system administration manageable, /etc/shadow entries should appear in exactly the same order as /etc/passwd entries; this includes "+" and "-" entries if the compat source is being used (see nsswitch.conf(4)).
- /etc/shadow
- shadow password file
- /etc/passwd
- password file
- /etc/nsswitch.conf
- name-service switch configuration file
login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M), getspnam(3C), putspent(3C), nsswitch.conf(4), passwd(4)
If password aging is turned on in any name service, the passwd: line in the /etc/nsswitch.conf file must have a format specified in the nsswitch.conf(4) man page.
If the /etc/nsswitch.conf passwd policy is not in one of the supported formats, logins will not be allowed upon password expiration because the software does not know how to handle password updates under these conditions. See nsswitch.conf(4) for additional information.