Museum

Home

Lab Overview

Retrotechnology Articles

⇒ Online Manual

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

login(1)

passmgmt(1M)

passwd(1)

pwconv(1M)

getspent(3C)

putspent(3C)

passwd(4)



shadow(4)                                                            shadow(4)



NAME
     shadow - shadow password file

DESCRIPTION
     /etc/shadow is an access-restricted ASCII system file.  The fields for
     each user entry are separated by colons.  Each user is separated from the
     next by a newline.  Unlike the /etc/passwd file, /etc/shadow does not
     have general read permission.  To create /etc/shadow from /etc/passwd use
     the pwconv command (see pwconv(1M)).

     Here are the fields in /etc/shadow:

     username    The user's login name (ID).

     password    A 13-character encrypted password for the user, a lock string
                 to indicate that the login is not accessible, or no string to
                 show that there is no password for the login.

     lastchanged The number of days between January 1, 1970 and the date that
                 the password was last modified.

     minimum     The minimum number of days required between password changes.
                 This field is set by passwd -n.

     maximum     The maximum number of days the password is valid.  This field
                 is set by passwd -m.

     warn        The number of days before that password expires that the user
                 is warned.  This field is set by passwd -w.

     inactive    The number of days of inactivity allowed for that user.  This
                 field is set by passmgmt -f days.

     expire      An absolute date when the login can no longer be used,
                 specified in days since the epoch (January 1, 1970). This
                 field is set by passmgmt -e when, where the when argument is
                 used as an input string to getdate(3).  passmgmt converts
                 this to the days since the epoch value.

     flag        Reserved for future use; set to zero.  Currently not used.

     The encrypted password consists of 13 characters chosen from a 64-
     character alphabet (., /, 0-9, A-Z, a-z).

     To update this file, use the passwd command.

     One way of determining the number of days since the epoch:

          % perl -e 'print int(time/(60*60*24))'






                                                                        Page 1






shadow(4)                                                            shadow(4)



FILES
     /etc/shadow

SEE ALSO
     login(1), passmgmt(1M), passwd(1), pwconv(1M), getspent(3C),
     putspent(3C), passwd(4).

NOTES
     Shadow passwords can be used with NIS entries.  If the shadow password
     file is present, each NIS entry must have a distinct shadow password
     entry, and the NIS-supplied encrypted password is not used.  This
     effectively precludes the use of the NIS wildcard entry, +::-1:-1::: or
     netgroup (+@) expansions.










































                                                                        Page 2

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026