 shadow(4)                                                         shadow(4)

 NAME    [Toc]    [Back]
      shadow - shadow password file

 SYNOPSIS    [Toc]    [Back]
      #include <shadow.h>

 DESCRIPTION    [Toc]    [Back]
      The /etc/shadow file is created from the /etc/passwd file by the
      pwconv command.  It is readable only by a privileged user.  It can be
      modified by the passwd, useradd, usermod, and userdel commands.
      Programs may use the interfaces described in the getspent(3C) manpage
      to access this information.  These functions return a pointer to an
      spwd structure, which is defined in the <shadow.h> header file.

    Fields    [Toc]    [Back]
      The /etc/shadow file is an ASCII file consisting of any number of user
      entries separated by newlines.  Each user entry line consists of the
      following fields separated by colons:

           login name     Each login name must match a login name in
                          /etc/passwd.  pwconv puts the user entries in
                          /etc/shadow in the same order as the /etc/passwd

           encrypted password
                          The password field of each /etc/passwd entry
                          contains an `x', and the actual encrypted
                          passwords reside in /etc/shadow.  The encrypted
                          password field consists of 13 characters chosen
                          from a 64-character set of "digits".  The
                          characters used to represent "digits" are . for 0,
                          / for 1, 0 through 9 for 2 through 11, A through Z
                          for 12 through 37, and a through z for 38 through
                          63.  If this field is null, then there is no
                          password and no password is demanded on login.
                          Login can be prevented by entering a character
                          that is not a part of the set of digits (such as

           last change    The number of days since January 1, 1970 that the
                          password was last modified.

           min days       The minimum period in days that must expire before
                          the password can be changed.

           max days       The maximum number of days for which a password is
                          valid.  A user who attempts to login after his
                          password has expired is forced to supply a new
                          one.  If min days and max days are both zero, the
                          user is forced to change his password the next
                          time he logs in.  If min days is greater than max

 shadow(4)                                                         shadow(4)

                          days, then the password cannot be changed.  These
                          restrictions do not apply to the superuser.

           warn days      The number of days the user is warned before his
                          password expires.

           inactivity     The maximum number of days of inactivity allowed
                          after a password has expired.  The account is
                          locked if the password is not changed within the
                          specified number of days after the password
                          expires.  If this field is set to zero, then the
                          user is required to change his password.

           expiration     The absolute number of days since Jan 1, 1970
                          after which the account is no longer valid.  A
                          value of zero in this field indicates that the
                          account is locked.

           reserved       The reserved field is always zero and is reserved
                          for future use.

    Notes    [Toc]    [Back]
      The /etc/shadow file is not applicable to a system which has been
      converted to a trusted system.

 FILES    [Toc]    [Back]
      /etc/passwd                   system password file
      /etc/shadow                   shadow password file

 SEE ALSO    [Toc]    [Back]
      login(1), passwd(1), pwconv(1M), pwunconv(1M), useradd(1M),
      userdel(1M), usermod(1M), crypt(3C), getspent(3C), putspent(3C),
      nsswitch.conf(4), passwd(4), shadow(4).

