NAME
shadow - shadow password file
SYNOPSIS
DESCRIPTION
The /etc/shadow file is created from the /etc/passwd file by the
pwconv command. It is readable only by a privileged user. It can be
modified by the passwd, useradd, usermod, and userdel commands.
Programs may use the interfaces described in the getspent(3C) manpage
to access this information. These functions return a pointer to an
spwd structure, which is defined in the <shadow.h> header file.
Fields
The /etc/shadow file is an ASCII file consisting of any number of user
entries separated by newlines. Each user entry line consists of the
following fields separated by colons:
login name
    Each login name must match a login name in /etc/passwd. pwconv
    puts the user entries in /etc/shadow in the same order as the
    /etc/passwd

encrypted password
    The password field of each /etc/passwd entry contains an `x', and
    the actual encrypted passwords reside in /etc/shadow. The
    encrypted password field consists of 13 characters chosen from a
    64-character set of "digits". The characters used to represent
    "digits" are . for 0, / for 1, 0 through 9 for 2 through 11,
    A through Z for 12 through 37, and a through z for 38 through 63.
    If this field is null, then there is no password and no password
    is demanded on login. Login can be prevented by entering a
    character that is not a part of the set of digits (such as

last change
    The number of days since January 1, 1970 that the password was
    last modified.

min days
    The minimum period in days that must expire before the password
    can be changed.

max days
    The maximum number of days for which a password is valid. A user
    who attempts to log in after his password has expired is forced to
    supply a new one. If min days and max days are both zero, the user
    is forced to change his password the next time he logs in. If
    min days is greater than max days, then the password cannot be
    changed. These restrictions do not apply to the superuser.

warn days
    The number of days the user is warned before his

inactivity
    The maximum number of days of inactivity allowed after a password
    has expired. The account is locked if the password is not changed
    within the specified number of days after the password expires.
    If this field is set to zero, then the user is required to change
    his password.

expiration
    The absolute number of days since Jan 1, 1970 after which the
    account is no longer valid. A value of zero in this field
    indicates that the account is locked.

reserved
    The reserved field is always zero and is reserved for future use.
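
The field rules above can be checked mechanically when auditing a copy of the file. The following is an added example, not part of the original manpage or of HP-UX: the function names, finding labels and sample entries are constructed for illustration, and it assumes that an empty numeric field means "not set" and that the max days period is counted from the last change.

```python
import string

# The 64 "digits" of the encrypted password field: . / 0-9 A-Z a-z
DIGITS = set("./" + string.digits + string.ascii_uppercase + string.ascii_lowercase)
FIELDS = ("login", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactivity", "expiration", "reserved")

def parse_entry(line):
    """Split one entry line into its nine colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    return dict(zip(FIELDS, parts))

def _num(value):
    # Assumption: an empty numeric field means "not set" and is skipped.
    return int(value) if value else None

def audit_entry(line, today):
    """Return findings for one entry; today is in days since January 1, 1970."""
    e = parse_entry(line)
    findings = []
    pw = e["password"]
    if pw == "":
        findings.append("no-password")          # no password demanded on login
    elif any(c not in DIGITS for c in pw):
        findings.append("login-prevented")      # character outside the digit set
    elif len(pw) != 13:
        findings.append("malformed-password")   # field must be 13 digits
    last, mn, mx = (_num(e[k]) for k in ("last_change", "min_days", "max_days"))
    if mn is not None and mx is not None:
        if mn == 0 and mx == 0:
            findings.append("change-at-next-login")
        elif mn > mx:
            findings.append("password-unchangeable")
    # Assumption: the max days validity period is counted from last change.
    if last is not None and mx and today > last + mx:
        findings.append("password-expired")
    exp = _num(e["expiration"])
    if exp == 0:
        findings.append("account-locked")
    elif exp is not None and today > exp:
        findings.append("account-expired")
    return findings

# Constructed sample entries (not from a real system).
SAMPLE = ["alice:abJnggxhB/yWI:12000:7:90:14:30::0",
          "guest::12000:0:0::::0",
          "svc:*:12000:10:5:::0:0"]
```

Calling audit_entry(entry, today) on each line of SAMPLE with today set to 12050 reports the null-password guest account and the four conditions that apply to svc, while alice produces no findings.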
Notes
The /etc/shadow file is not applicable to a system which has been
converted to a trusted system.
FILES
/etc/passwd system password file
/etc/shadow shadow password file
SEE ALSO
login(1), passwd(1), pwconv(1M), pwunconv(1M), useradd(1M),
userdel(1M), usermod(1M), crypt(3C), getspent(3C), putspent(3C),
nsswitch.conf(4), passwd(4), shadow(4).
Hewlett-Packard Company    HP-UX 11i Version 2: August 2003