shadow(4)

NAME

     shadow - shadow password file


DESCRIPTION

     /etc/shadow is an access-restricted ASCII system  file  that
     stores  users'  encrypted passwords and related information.
     The shadow file can be used in conjunction with other shadow
     sources,   including   the   NIS   maps   passwd.byname  and
     passwd.byuid and the NIS+ table  passwd.  Programs  use  the
     getspnam(3C) routines to access this information.

     The fields for each user entry are separated by colons. Each
     user  is  separated  from  the next by a newline. Unlike the
     /etc/passwd file, /etc/shadow does  not  have  general  read
     permission.

     Each entry in the shadow file has the form:

     username:password:lastchg:min:max:warn:inactive:expire:flag

     The fields are defined as follows:

          username
                The user's login name (UID).

          password
                An encrypted password for the user  generated  by
                crypt(3C),  a  lock  string  to indicate that the
                login is not  accessible,  or  no  string,  which
                shows that there is no password for the login.

                The lock string is defined as *LK* in  the  first
                four characters of the password field.

          lastchg
                The number of days between January 1,  1970,  and
                the date that the password was last modified.

          min   The minimum number of days required between
                password changes.

          max   The maximum number of days the password is valid.

          warn  The number of days before password  expires  that
                the user is warned.

          inactive
                The number of days of inactivity allowed for that
                user. This is counted on a per-machine basis; the
                information about the last login  is  taken  from
                the machine's lastlog file.

          expire
                An absolute date specifying when the login may no
                longer be used.

          flag  Reserved for future use, set to  zero.  Currently
                not used.

     The encrypted password consists of 13 characters chosen from
     a  64-character  alphabet  (.,  /, 0-9, A-Z, a-z). To update
     this file, use the passwd(1), useradd(1M),  usermod(1M),  or
     userdel(1M) commands.

     In  order  to   make   system   administration   manageable,
     /etc/shadow  entries should appear in exactly the same order
     as  /etc/passwd  entries;  this  includes  ``+''  and  ``-''
     entries   if   the   compat   source   is  being  used  (see
     nsswitch.conf(4)).
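
     The following is an added example, not part of the original
     manual page or of any system tool. It parses entries in the
     nine-field form above and reports accounts with no password
     or a password older than max. The sample entries, finding
     names, and the skipping of compat entries are assumptions.

```python
from datetime import date, timedelta

# Field order taken from the entry form shown on this page.
FIELDS = ("username", "password", "lastchg", "min", "max",
          "warn", "inactive", "expire", "flag")
EPOCH = date(1970, 1, 1)

# Constructed sample entries; the 13-character hashes are placeholders.
SAMPLE = [
    "alice:abcdefghijklm:19000:7:90:14:::",
    "bob::19000::::::",
    "carol:*LK*:19000::::::",
    "dave:nopqrstuvwxyz:19500:0:90:7:::",
    "+::::::::",
]

def parse_entry(line):
    """Split one entry into a dict keyed by the nine field names."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def password_state(entry):
    """Classify the password field: empty, lock string, or crypt output."""
    pw = entry["password"]
    if pw == "":
        return "no-password"
    if pw.startswith("*LK*"):
        return "locked"
    return "hashed"

def audit(lines, today):
    """Return (username, finding) pairs for entries that need attention."""
    findings = []
    for line in lines:
        # Assumption: compat "+"/"-" entries and blank lines are skipped.
        if not line.strip() or line[0] in "+-":
            continue
        entry = parse_entry(line)
        state = password_state(entry)
        if state == "no-password":
            findings.append((entry["username"], "no-password"))
        elif state == "hashed" and entry["lastchg"] and entry["max"]:
            changed = EPOCH + timedelta(days=int(entry["lastchg"]))
            if 0 <= int(entry["max"]) < (today - changed).days:
                findings.append((entry["username"], "password-past-max"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, date(2023, 6, 1)))
```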


FILES

     /etc/shadow
           shadow password file

     /etc/passwd
           password file

     /etc/nsswitch.conf
           name-service switch configuration file

     /var/adm/lastlog
           time of last login


SEE ALSO

     login(1), passwd(1), useradd(1M), userdel(1M),  usermod(1M),
     crypt(3C),  crypt_gensalt(3C),  getspnam(3C),  putspent(3C),
     nsswitch.conf(4), passwd(4)


NOTES

     If password aging is turned  on  in  any  name  service  the
     passwd: line in the /etc/nsswitch.conf file must have a
     format specified in the nsswitch.conf(4) man page.

     If the /etc/nsswitch.conf passwd policy is not in one of the
     supported  formats, logins will not be allowed upon password
     expiration because the software does not know how to  handle
     password     updates    under    these    conditions.    See
     nsswitch.conf(4) for additional information.

