1SHADOW(5)                File Formats and Conversions                SHADOW(5)
2
3
4

NAME

6       shadow - encrypted password file
7

DESCRIPTION

9       shadow contains the encrypted password information for user's accounts
10       and optional the password aging information. Included is:
11
12       ·  login name
13
14       ·  encrypted password
15
16       ·  days since Jan 1, 1970 that password was last changed
17
18       ·  days before password may be changed
19
20       ·  days after which password must be changed
21
22       ·  days before password is to expire that user is warned
23
24       ·  days after password expires that account is disabled
25
26       ·  days since Jan 1, 1970 that account is disabled
27
28       ·  a reserved field
29
30
31The password field must be filled. The encrypted password consists of 13 to 24
32characters from the 64 characters alphabet a thru z, A thru Z, 0 thru 9, \.
33and /. Optionally it can start with a "$" character. This means the encrypted
34password was generated using another (not DES) algorithm. For example if it
35starts with "$1$" it means the MD5-based algorithm was used.
36
37Refer to crypt(3) for details on how this string is interpreted.
38
39If the password field contains some string that is not valid result of

crypt(3), for instance ! or *, the user will not be able to use a unix

41password to log in, subject to pam(7).
42
43The date of the last password change is given as the number of days since Jan
441, 1970. The password may not be changed again until the proper number of days
45have passed, and must be changed after the maximum number of days. If the
46minimum number of days required is greater than the maximum number of day
47allowed, this password may not be changed by the user.
48
49An account is considered to be inactive and is disabled if the password is not
50changed within the specified number of days after the password expires. An
51account will also be disabled on the specified day regardless of other
52password expiration information.
53
54This information supersedes any password or password age information present
55in /etc/passwd.
56
57This file must not be readable by regular users if password security is to be
58maintained.
59

FILES

61       /etc/passwd
62          User account information.
63
64       /etc/shadow
65          Secure user account information.
66

SEE ALSO

68       chage(1), login(1), su(1), passwd(1), passwd(5), pwconv(8),
69       pwunconv(8), sulogin(8).
70
71
72
73File Formats and Conversions      07/30/2006                         SHADOW(5)
Impressum