File Formats shadow(4)
NAME
shadow - shadow password file
DESCRIPTION
/etc/shadow is an access-restricted ASCI system file that
stores users' encrypted passwords and related information.
The shadow file can be used in conjunction with other shadow
sources, including the NIS maps passwd.byname and
passwd.byuid and the NIS] table passwd. Programs use the
getspnam(3C) routines to access this information.
The fields for each user entry are separated by colons. Each
user is separated from the next by a newline. Unlike the
/etc/passwd file, /etc/shadow does not have general read
permission.
Each entry in the shadow file has the form:
username:password:lastchg:min:max:warn:inactive:expire:flag
The fields are defined as follows:
username The user's login name (UID).
password An encrypted password for the user generated by
crypt(3C), a lock string to indicate that the
login is not accessible, or no string, which
shows that there is no password for the login.
The lock string is defined as *LK* in the first
four characters of the password field.
lastchg The number of days between January 1, 1970, and
the date that the password was last modified.
The lastchg value is a decimal number, as inter-
preted by strtol(3C).
min The minimum number of days required between
password changes. This field must be set to 0 or
above to enable password aging.
max The maximum number of days the password is
valid.
SunOS 5.11 Last change: 15 Sep 2005 1
File Formats shadow(4)
warn The number of days before password expires that
the user is warned.
inactive The number of days of inactivity allowed for
that user. This is counted on a per-machine
basis; the information about the last login is
taken from the machine's lastlog file.
expire An absolute date expressed as the number of days
since the Unix Epoch (January 1, 1970). When
this number is reached the login can no longer
be used. For example, an expire value of 13514
specifies a login expiration of January 1, 2007.
flag Failed login count in low order four bits;
remainder reserved for future use, set to zero.
A value of -1 for min, max, or warn disables password aging.
The encrypted password consists of at most
CRYPTMAXCIPHERTEXTLEN characters chosen from a 64-character
alphabet (., /, 0-9, A-Z, a-z). Two additional special char-
acters, "$" and ",", can also be used and are defined in
crypt(3C). To update this file, use the passwd(1),
useradd(1M), usermod(1M), or userdel(1M) commands.
In order to make system administration manageable,
/etc/shadow entries should appear in exactly the same order
as /etc/passwd entries; this includes ``]'' and ``-''
entries if the compat source is being used (see
nsswitch.conf(4)).
Values for the various time-related fields are interpreted
as Greenwich Mean Time.
FILES
/etc/shadow shadow password file
/etc/passwd password file
/etc/nsswitch.conf name-service switch configuration file
SunOS 5.11 Last change: 15 Sep 2005 2
File Formats shadow(4)
/var/adm/lastlog time of last login
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Stable
SEE ALSO
login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M),
strtol(3C), crypt(3C), cryptgensalt(3C), getspnam(3C),
putspent(3C), nsswitch.conf(4), passwd(4), attributes(5),
pamunixaccount(5), pamunixauth(5)
NOTES
If password aging is turned on in any name service the
passwd: line in the /etc/nsswitch.conf file must have a for-
mat specified in the nsswitch.conf(4) man page.
If the /etc/nsswitch.conf passwd policy is not in one of the
supported formats, logins will not be allowed upon password
expiration, because the software does not know how to handle
password updates under these conditions. See
nsswitch.conf(4) for additional information.
SunOS 5.11 Last change: 15 Sep 2005 3
|
