/etc/shadow is an access-restricted ASCII system file that stores users' encrypted passwords and related information. The shadow file can be used in conjunction with other shadow sources, including the NIS maps passwd.byname and passwd.byuid and the NIS+ table passwd. Programs use the getspnam(3C) routines to access this information.
The fields for each user entry are separated by colons. Each user is separated from the next by a newline. Unlike the /etc/passwd file, /etc/shadow does not have general read permission.
Each entry in the shadow file has the form:
username:password:lastchg:min:max:warn:inactive:expire:flag

username
    The user's login name (UID).
password
    A 13-character encrypted password for the user, a lock string to indicate that the login is not accessible, or no string, which shows that there is no password for the login.
lastchg
    The number of days between January 1, 1970, and the date that the password was last modified.
min
    The minimum number of days required between password changes.
max
    The maximum number of days the password is valid.
warn
    The number of days before the password expires that the user is warned.
inactive
    The number of days of inactivity allowed for that user.
expire
    An absolute date specifying when the login may no longer be used.
flag
    Used to keep a count of the bad passwords entered by the account. If the correct password is entered, or if a new password is assigned to the account, the count is reset to 0. If the count exceeds the maximum number of bad passwords allowed at the site, the account is locked with the string *LK* entered in the status field of the account's passwd(4) entry. An administrator can open a locked account by assigning a new password to the account to reset the count to zero (0). The flag field only works for files and NIS+.
The encrypted password consists of 13 characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z). To update this file, use the passwd(1) command and the smuser(1M) or smrole(1M) command.
In order to make system administration manageable, /etc/shadow entries should appear in exactly the same order as /etc/passwd entries; this includes "+" and "-" entries if the compat source is being used (see nsswitch.conf(4)).
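The entry format described above can be checked mechanically during an account audit. The following Python sketch is an added example, not part of the original manual page or of Solaris: it splits each line into the nine fields and reports entries with no password, entries whose password field is not a 13-character string from the stated alphabet (treated here as a lock string such as *LK*), and passwords older than max days. The function names, finding labels and sample entries are constructed for illustration.

```python
import re
from datetime import date, timedelta

FIELDS = ("username", "password", "lastchg", "min", "max",
          "warn", "inactive", "expire", "flag")
# 13 characters from the 64-character alphabet ., /, 0-9, A-Z, a-z
CRYPT13 = re.compile(r"[./0-9A-Za-z]{13}")
EPOCH = date(1970, 1, 1)

# Constructed sample entries, not taken from a real system.
SAMPLE = """\
root:aB3./xYz09QwE:19000:7:90:14:::
alice::19700::::::
bob:*LK*:::::::
carol:Zz9/.AbCdEfGh:19900:0:99999:7:::
+::::::::
broken:line
"""

def parse_entry(line):
    """Split one shadow line into a dict keyed by the nine field names."""
    parts = line.split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def audit_entry(entry, today):
    """Return the list of findings for one parsed entry."""
    findings = []
    pw = entry["password"]
    if pw == "":
        findings.append("no-password")            # empty field: login has no password
    elif not CRYPT13.fullmatch(pw):
        findings.append("locked")                 # assumption: any other string is a lock string
    if entry["lastchg"] and entry["max"]:         # aging is checked only when both are set
        valid_until = EPOCH + timedelta(days=int(entry["lastchg"]) + int(entry["max"]))
        if today > valid_until:
            findings.append("password-expired")
    return findings

def audit(text, today):
    """Map username (or 'line N' for unparsable lines) to findings."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line or line[0] in "+-":           # skip blank lines and compat +/- entries
            continue
        try:
            entry = parse_entry(line)
            findings = audit_entry(entry, today)
        except ValueError as exc:                 # wrong field count or non-numeric day count
            report[f"line {n}"] = [f"malformed: {exc}"]
            continue
        if findings:
            report[entry["username"]] = findings
    return report
```

Calling `audit(SAMPLE, date(2024, 1, 1))` returns only the entries that have findings; reading the real /etc/shadow requires the restricted access the page describes.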
In Trusted Solaris 8 and later releases, the flag field is used for files and NIS+.
shadow password file
password file
name-service switch configuration file
extended user attributes database
If password aging is turned on in any name service, the passwd: line in the /etc/nsswitch.conf file must have a format specified in the nsswitch.conf(4) man page.
If the /etc/nsswitch.conf passwd policy is not in one of the supported formats, logins will not be allowed upon password expiration because the software does not know how to handle password updates under these conditions. See nsswitch.conf(4) for additional information.