Retrieving shadow Information (System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP))

System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Retrieving `shadow` Information

The following syntax shows the proper form of a shadow entry:

username:password:lastchg:min:max:warn:inactive:expire:flag

See the shadow(4) man page for more information.

The nss_ad module retrieves shadow information from AD as follows:

username – Field uses the value of the samAccountName AD attribute and is qualified by the domain name in which the object resides, for example, terryb@example.com.
password – Field uses the value of *NP* because the user password is not available in the AD object.

The rest of the shadow fields are left empty because shadow fields are irrelevant with AD and Kerberos v5.