unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

shadow(4)                        File Formats                        shadow(4)



NAME
       shadow - shadow password file

DESCRIPTION
       /etc/shadow  is  an  access-restricted  ASCII  system  file that stores
       users' encrypted passwords and related information. The shadow file can
       be  used  in  conjunction  with other shadow sources, including the NIS
       maps passwd.byname and passwd.byuid and the NIS+ table passwd. Programs
       use the getspnam(3C) routines to access this information.

       The  fields  for  each user entry are separated by colons. Each user is
       separated from the next by a  newline.  Unlike  the  /etc/passwd  file,
       /etc/shadow does not have general read permission.

       Each entry in the shadow file has the form:


       username:password:lastchg:min:max:warn:inactive:expire:flag


       The fields are defined as follows:

       username        The user's login name (UID).



       password        An   encrypted  password  for  the  user  generated  by
                       crypt(3C), a lock string to indicate that the login  is
                       not accessible, or no string, which shows that there is
                       no password for the login.

                       The lock string is defined as *LK* in  the  first  four
                       characters of the password field.



       lastchg         The  number  of  days  between January 1, 1970, and the
                       date that the password was last modified.



       min             The minimum number of days  required  between  password
                       changes. This field must be set to 0 or above to enable
                       password aging.



       max             The maximum number of days the password is valid.



       warn            The number of days before  password  expires  that  the
                       user is warned.



       inactive        The number of days of inactivity allowed for that user.
                       This is counted on a per-machine basis; the information
                       about  the last login is taken from the machine's last-
                       log file.



       expire          An absolute date  specifying  when  the  login  may  no
                       longer be used.



       flag            Failed  login  count  in low order four bits; remainder
                       reserved for future use, set to zero.




       The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN char-
       acters  chosen  from a 64-character alphabet (., /, 0-9, A-Z, a-z). Two
       additional special characters, "$" and ",", can also be  used  and  are
       defined  in  crypt(3C).  To  update this file, use the passwd(1), user-
       add(1M), usermod(1M), or  userdel(1M) commands.

       In order to make system administration manageable, /etc/shadow  entries
       should  appear  in  exactly the same order as /etc/passwd entries; this
       includes ``+'' and ``-'' entries if the compat  source  is  being  used
       (see nsswitch.conf(4)).

FILES
       /etc/shadow             shadow password file



       /etc/passwd             password file



       /etc/nsswitch.conf      name-service switch configuration file



       /var/adm/lastlog        time of last login



SEE ALSO
       login(1),  passwd(1), useradd(1M), userdel(1M), usermod(1M), crypt(3C),
       crypt_gensalt(3C),   getspnam(3C),   putspent(3C),    nsswitch.conf(4),
       passwd(4), pam_unix_account(5), pam_unix_auth(5)

NOTES
       If  password aging is turned on in any name service the passwd: line in
       the /etc/nsswitch.conf file must have a format specified  in  the  nss-
       witch.conf(4) man page.

       If  the /etc/nsswitch.conf passwd policy is not in one of the supported
       formats, logins will not be allowed upon  password  expiration  because
       the  software  does not know how to handle password updates under these
       conditions. See nsswitch.conf(4) for additional information.



SunOS 5.10                        10 Mar 2004                        shadow(4)