Unix/Linux Go Back    


OpenSolaris 2009.06 - man page for shadow (opensolaris section 4)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


shadow(4)				   File Formats 				shadow(4)

NAME
       shadow - shadow password file

DESCRIPTION
       /etc/shadow  is	an access-restricted ASCII system file that stores users' encrypted pass-
       words and related information. The shadow file can  be  used  in  conjunction  with  other
       shadow  sources,  including the NIS maps passwd.byname and passwd.byuid and the NIS+ table
       passwd. Programs use the getspnam(3C) routines to access this information.

       The fields for each user entry are separated by colons. Each user is  separated	from  the
       next  by  a  newline.  Unlike the /etc/passwd file, /etc/shadow does not have general read
       permission.

       Each entry in the shadow file has the form:

	 username:password:lastchg:min:max:warn:inactive:expire:flag

       The fields are defined as follows:

       username    The user's login name (UID).

       password    An encrypted password for the user generated by crypt(3C), a  lock  string  to
		   indicate  that  the	login  is  not accessible, or no string, which shows that
		   there is no password for the login.

		   The lock string is defined as *LK* in the first four characters of  the  pass-
		   word field.

       lastchg	   The number of days between January 1, 1970, and the date that the password was
		   last modified. The lastchg value is a decimal number, as interpreted  by  str-
		   tol(3C).

       min	   The	minimum number of days required between password changes. This field must
		   be set to 0 or above to enable password aging.

       max	   The maximum number of days the password is valid.

       warn	   The number of days before password expires that the user is warned.

       inactive    The number of days of inactivity allowed for that user. This is counted  on	a
		   per-machine	basis;	the  information  about  the last login is taken from the
		   machine's lastlog file.

       expire	   An absolute date expressed as the number of days since the Unix Epoch (January
		   1,  1970).  When  this  number is reached the login can no longer be used. For
		   example, an expire value of 13514 specifies a login expiration of  January  1,
		   2007.

       flag	   Failed  login count in low order four bits; remainder reserved for future use,
		   set to zero.

       A value of -1 for min, max, or warn disables password aging.

       The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN characters chosen from a
       64-character  alphabet  (.,  /, 0-9, A-Z, a-z). Two additional special characters, "$" and
       ",", can also be used and  are  defined	in  crypt(3C).	To  update  this  file,  use  the
       passwd(1), useradd(1M), usermod(1M), or userdel(1M) commands.

       In  order  to  make system administration manageable, /etc/shadow entries should appear in
       exactly the same order as /etc/passwd entries; this includes ``+'' and  ``-''  entries  if
       the compat source is being used (see nsswitch.conf(4)).

       Values for the various time-related fields are interpreted as Greenwich Mean Time.

FILES
       /etc/shadow	     shadow password file

       /etc/passwd	     password file

       /etc/nsswitch.conf    name-service switch configuration file

       /var/adm/lastlog      time of last login

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       login(1),   passwd(1),	useradd(1M),  userdel(1M),  usermod(1M),  strtol(3C),  crypt(3C),
       crypt_gensalt(3C), getspnam(3C), putspent(3C), nsswitch.conf(4), passwd(4), attributes(5),
       pam_unix_account(5), pam_unix_auth(5)

NOTES
       If  password  aging  is	turned	on  in any name service the passwd: line in the /etc/nss-
       witch.conf file must have a format specified in the nsswitch.conf(4) man page.

       If the /etc/nsswitch.conf passwd policy is not in one of  the  supported  formats,  logins
       will  not  be  allowed upon password expiration, because the software does not know how to
       handle password updates under these conditions. See nsswitch.conf(4) for additional infor-
       mation.

SunOS 5.11				   15 Sep 2005					shadow(4)
Unix & Linux Commands & Man Pages : ©2000 - 2017 Unix and Linux Forums


All times are GMT -4. The time now is 11:48 PM.