shadow(4)                        File Formats                        shadow(4)

NAME
       shadow - shadow password file

DESCRIPTION
       /etc/shadow is an access-restricted ASCII system file that stores
       users' encrypted passwords and related information. The shadow file can
       be used in conjunction with other shadow sources, including the NIS
       maps passwd.byname and passwd.byuid and the NIS+ table passwd. Programs
       use the getspnam(3C) routines to access this information.

       The fields for each user entry are separated by colons. Each user is
       separated from the next by a newline. Unlike the /etc/passwd file,
       /etc/shadow does not have general read permission.

       Each entry in the shadow file has the form:

         username:password:lastchg:min:max:warn:inactive:expire:flag

       The fields are defined as follows:

       username    The user's login name (UID).

       password    An encrypted password for the user generated by crypt(3C),
                   a lock string to indicate that the login is not accessible,
                   or no string, which shows that there is no password for the
                   login.

                   The lock string is defined as *LK* in the first four
                   characters of the password field.

       lastchg     The number of days between January 1, 1970, and the date
                   that the password was last modified. The lastchg value is a
                   decimal number, as interpreted by strtol(3C).

       min         The minimum number of days required between password
                   changes. This field must be set to 0 or above to enable
                   password aging.

       max         The maximum number of days the password is valid.

       warn        The number of days before the password expires that the
                   user is warned.

       inactive    The number of days of inactivity allowed for that user.
                   This is counted on a per-machine basis; the information
                   about the last login is taken from the machine's lastlog
                   file.

       expire      An absolute date expressed as the number of days since the
                   Unix Epoch (January 1, 1970). When this number is reached
                   the login can no longer be used. For example, an expire
                   value of 13514 specifies a login expiration of January 1,
                   2007.

       flag        Failed login count in low order four bits; remainder
                   reserved for future use, set to zero.

       A value of -1 for min, max, or warn disables password aging.

       The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN
       characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z).
       Two additional special characters, "$" and ",", can also be used and
       are defined in crypt(3C). To update this file, use the passwd(1),
       useradd(1M), usermod(1M), or userdel(1M) commands.

       In order to make system administration manageable, /etc/shadow entries
       should appear in exactly the same order as /etc/passwd entries; this
       includes "+" and "-" entries if the compat source is being used
       (see nsswitch.conf(4)).

       Values for the various time-related fields are interpreted as Greenwich
       Mean Time.
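
The field rules above, applied as a small audit over shadow-format text. This is an added example, not part of the original manual page: the function names, finding labels and sample entries are constructed for illustration, and an unset min field is assumed to mean aging is not enabled.

```python
from datetime import date, timedelta

FIELDS = ("username", "password", "lastchg", "min", "max",
          "warn", "inactive", "expire", "flag")

# Constructed sample entries (not real accounts or real hashes).
SAMPLE = """\
alice:Xconstructed.hash/0:13400:7:90:14:30:13514:0
bob::13400:-1:-1:-1:::
svc:*LK*:::::::
carol:Xconstructed.hash/0:13400:0:90:7:::3
"""

def day(n):
    """Convert a day count since January 1, 1970 (GMT) to a date."""
    return date(1970, 1, 1) + timedelta(days=n)

def parse_entry(line):
    """Split one line into the nine fields; empty numeric fields become None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for name in FIELDS[2:]:
        entry[name] = int(entry[name]) if entry[name].strip() else None
    return entry

def audit_entry(entry, today):
    """Return review findings for one parsed entry as of `today` (a GMT date)."""
    findings = []
    if entry["password"] == "":
        findings.append("no-password")
    elif entry["password"][:4] == "*LK*":   # lock string in first four characters
        findings.append("locked")
    # -1 in min, max or warn disables aging; unset min treated alike (assumption).
    if entry["min"] is None or -1 in (entry["min"], entry["max"], entry["warn"]):
        findings.append("aging-disabled")
    if entry["expire"] is not None and today >= day(entry["expire"]):
        findings.append("expired-" + day(entry["expire"]).isoformat())
    failed = (entry["flag"] or 0) & 0x0F    # failed login count: low-order four bits
    if failed:
        findings.append(f"failed-logins-{failed}")
    return findings

def audit(text, today):
    """Map each username in shadow-format text to its findings."""
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    return {e["username"]: audit_entry(e, today) for e in entries}
```

Calling audit(SAMPLE, day(13514)) evaluates the sample on the page's example expiration date; pass the current GMT date when reviewing a real file.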

FILES
       /etc/shadow           shadow password file

       /etc/passwd           password file

       /etc/nsswitch.conf    name-service switch configuration file

       /var/adm/lastlog      time of last login

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Stable                       │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M), strtol(3C),
       crypt(3C), crypt_gensalt(3C), getspnam(3C), putspent(3C),
       nsswitch.conf(4), passwd(4), attributes(5), pam_unix_account(5),
       pam_unix_auth(5)

NOTES
       If password aging is turned on in any name service, the passwd: line in
       the /etc/nsswitch.conf file must have a format specified in the
       nsswitch.conf(4) man page.

       If the /etc/nsswitch.conf passwd policy is not in one of the supported
       formats, logins will not be allowed upon password expiration, because
       the software does not know how to handle password updates under these
       conditions. See nsswitch.conf(4) for additional information.

SunOS 5.11                        15 Sep 2005                        shadow(4)