Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

shadow(4)							     shadow(4)

NAME
     shadow - shadow password file

DESCRIPTION
     /etc/shadow is an access-restricted ASCII system file.  The fields for
     each user entry are separated by colons.  Each user is separated from the
     next by a newline.	 Unlike the /etc/passwd file, /etc/shadow does not
     have general read permission.  To create /etc/shadow from /etc/passwd use
     the pwconv command (see pwconv(1M)).

     Here are the fields in /etc/shadow:

     username	 The user's login name (ID).

     password	 A 13-character encrypted password for the user, a lock string
		 to indicate that the login is not accessible, or no string to
		 show that there is no password for the login.

     lastchanged The number of days between January 1, 1970 and the date that
		 the password was last modified.

     minimum	 The minimum number of days required between password changes.
		 This field is set by passwd -n.

     maximum	 The maximum number of days the password is valid.  This field
		 is set by passwd -m.

     warn	 The number of days before that password expires that the user
		 is warned.  This field is set by passwd -w.

     inactive	 The number of days of inactivity allowed for that user.  This
		 field is set by passmgmt -f days.

     expire	 An absolute date when the login can no longer be used,
		 specified in days since the epoch (January 1, 1970). This
		 field is set by passmgmt -e when, where the when argument is
		 used as an input string to getdate(3).	 passmgmt converts
		 this to the days since the epoch value.

     flag	 Reserved for future use; set to zero.	Currently not used.

     The encrypted password consists of 13 characters chosen from a 64-
     character alphabet (., /, 0-9, A-Z, a-z).

     To update this file, use the passwd command.

     One way of determining the number of days since the epoch:

	  % perl -e 'print int(time/(60*60*24))'

									Page 1

shadow(4)							     shadow(4)

FILES
     /etc/shadow

SEE ALSO
     login(1), passmgmt(1M), passwd(1), pwconv(1M), getspent(3C),
     putspent(3C), passwd(4).

NOTES
     The shadow file can be served through NIS but that should only be done if
     the appropriate attributes in nsd are set correctly for that map:	the
     nis_secure attribute (see nisserv(7)) should be turned on and the mode
     attribute (see nsd(1M)) should be set to 0700. Failing to do so
     introduces a security hole by allowing any user to view entries from the
     shadow file.  This map is not built by default in mdbm_parse.  Ypmake
     needs to be called with the explicit map name shadow.  Also a line would
     need to be added to the servers nsswitch.conf file to allow serving the
     shadow map.

     An administrator should configure /etc/securenets (see securenets(4)) to
     list only those hosts that are intended to be NIS clients.

									Page 2

Vote for polarhome