Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
shadow(4)			 File Formats			     shadow(4)

NAME
       shadow -	shadow password	file

DESCRIPTION
       /etc/shadow  is	an  access-restricted  ASCII  system  file that	stores
       users' encrypted	passwords and related information. The shadow file can
       be  used	 in  conjunction  with other shadow sources, including the NIS
       maps  passwd.byname and	passwd.byuid and the NIS+ table	 passwd.  Pro-
       grams use the getspnam(3C) routines to access this information.

       The  fields  for	 each user entry are separated by colons. Each user is
       separated from the next by a  newline.  Unlike  the  /etc/passwd	 file,
       /etc/shadow does	not have general read permission.

       Each entry in the shadow	file has the form:

       username:password:lastchg: min:max:warn:	inactive:expire:flag

       The fields are defined as follows:

	      username
		    The	user's login name (UID).

	      password
		    A  13-character  encrypted	password  for the user,	a lock
		    string to indicate that the	login is not accessible, or no
		    string,  which  shows  that	 there	is no password for the
		    login.

		    The	lock string is defined as *LK* in the first four char-
		    acters of the password field.

	      lastchg
		    The	 number	 of days between January 1, 1970, and the date
		    that the password was last modified.

	      min   The	minimum	 number	 of  days  required  between  password
		    changes.

	      max   The	maximum	number of days the password is valid.

	      warn  The	 number	 of days before	password expires that the user
		    is warned.

	      inactive
		    The	number of days of inactivity allowed for that user.

	      expire
		    An absolute	date specifying	when the login may  no	longer
		    be used.

	      flag  Reserved  for future use, set to zero. Currently not used.

       The encrypted password consists of 13 characters	chosen from a 64-char-
       acter  alphabet	(.,  /,	 0-9,  A-Z, a-z). To update this file, use the
       passwd(1), useradd(1M), usermod(1M), or	userdel(1M) commands.

       In order	to make	system administration manageable,  /etc/shadow entries
       should  appear in exactly the same order	as  /etc/passwd	entries;  this
       includes	``+'' and ``-''	entries	if the compat  source  is  being  used
       (see nsswitch.conf(4)).

FILES
       /etc/shadow
	     shadow password file

       /etc/passwd
	     password file

       /etc/nsswitch.conf
	     name-service switch configuration file

SEE ALSO
       login(1),  passwd(1),  useradd(1M),  userdel(1M),  usermod(1M),	getsp-
       nam(3C),	putspent(3C), nsswitch.conf(4),	passwd(4)

NOTES
       If password aging is turned on in any name service the passwd: line  in
       the  /etc/nsswitch.conf	file  must have	a format specified in the nss-
       witch.conf(4) man page.

       If the /etc/nsswitch.conf passwd	policy is not in one of	the  supported
       formats,	 logins	 will  not be allowed upon password expiration because
       the software does not know how to handle	password updates  under	 these
       conditions. See nsswitch.conf(4)	for additional information.

SunOS 5.9			  30 Nov 2001			     shadow(4)

NAME | DESCRIPTION | FILES | SEE ALSO | NOTES

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=shadow&sektion=4&manpath=SunOS+5.9>

home | help