*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->IRIX man pages -> shadow (4)              


shadow(4)							     shadow(4)

NAME    [Toc]    [Back]

     shadow - shadow password file

DESCRIPTION    [Toc]    [Back]

     /etc/shadow is an access-restricted ASCII system file.  The fields	for
     each user entry are separated by colons.  Each user is separated from the
     next by a newline.	 Unlike	the /etc/passwd	file, /etc/shadow does not
     have general read permission.  To create /etc/shadow from /etc/passwd use
     the pwconv	command	(see pwconv(1M)).

     Here are the fields in /etc/shadow:

     username	 The user's login name (ID).

     password	 A 13-character	encrypted password for the user, a lock	string
		 to indicate that the login is not accessible, or no string to
		 show that there is no password	for the	login.

     lastchanged The number of days between January 1, 1970 and	the date that
		 the password was last modified.

     minimum	 The minimum number of days required between password changes.
		 This field is set by passwd -n.

     maximum	 The maximum number of days the	password is valid.  This field
		 is set	by passwd -m.

     warn	 The number of days before that	password expires that the user
		 is warned.  This field	is set by passwd -w.

     inactive	 The number of days of inactivity allowed for that user.  This
		 field is set by passmgmt -f days.

     expire	 An absolute date when the login can no	longer be used,
		 specified in days since the epoch (January 1, 1970). This
		 field is set by passmgmt -e when, where the when argument is
		 used as an input string to getdate(3).	 passmgmt converts
		 this to the days since	the epoch value.

     flag	 Reserved for future use; set to zero.	Currently not used.

     The encrypted password consists of	13 characters chosen from a 64-
     character alphabet	(., /, 0-9, A-Z, a-z).

     To	update this file, use the passwd command.

     One way of	determining the	number of days since the epoch:

	  % perl -e 'print int(time/(60*60*24))'

									Page 1

shadow(4)							     shadow(4)

FILES    [Toc]    [Back]


SEE ALSO    [Toc]    [Back]

     login(1), passmgmt(1M), passwd(1),	pwconv(1M), getspent(3C),
     putspent(3C), passwd(4).

NOTES    [Toc]    [Back]

     The shadow	file can be served through NIS but that	should only be done if
     the appropriate attributes	in nsd are set correctly for that map:	the
     nis_secure	attribute (see nisserv(7)) should be turned on and the mode
     attribute (see nsd(1M)) should be set to 0700. Failing to do so
     introduces	a security hole	by allowing any	user to	view entries from the
     shadow file.  This	map is not built by default in mdbm_parse.  Ypmake
     needs to be called	with the explicit map name shadow.  Also a line	would
     need to be	added to the servers nsswitch.conf file	to allow serving the
     shadow map.

									PPPPaaaaggggeeee 2222
[ Back ]
 Similar pages
Name OS Title
vipw Linux edit the password, group, shadow-password, or shadow-group file.
putspent IRIX write shadow password file entry
getspent IRIX manipulate shadow password file entry
pwconv HP-UX install, update or check the /etc/shadow file
pwupdate Linux updates passwd and shadow NIS map
shadowconfig Linux toggle shadow passwords on and off
passwd IRIX password file
passwd Linux The password file
passwd HP-UX password file
pwunconv HP-UX convert passwords from shadow to nonshadow
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service