Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
shadow(4)                        File Formats                        shadow(4)

       shadow - shadow password file

       /etc/shadow is an access-restricted ASCII system file that stores
       users' encrypted passwords and related information. The shadow file can
       be used in conjunction with other shadow sources, including the NIS
       maps  passwd.byname and  passwd.byuid and the NIS+ table  passwd.
       Programs use the getspnam(3C) routines to access this information.

       The fields for each user entry are separated by colons. Each user is
       separated from the next by a newline. Unlike the /etc/passwd file,
       /etc/shadow does not have general read permission.

       Each entry in the shadow file has the form:

       username:password:lastchg: min:max:warn: inactive:expire:flag

       The fields are defined as follows:

                    The user's login name (UID).

                    A 13-character encrypted password for the user, a lock
                    string to indicate that the login is not accessible, or no
                    string, which shows that there is no password for the

                    The lock string is defined as *LK* in the first four
                    characters of the password field.

                    The number of days between January 1, 1970, and the date
                    that the password was last modified.

              min   The minimum number of days required between password

              max   The maximum number of days the password is valid.

              warn  The number of days before password expires that the user
                    is warned.

                    The number of days of inactivity allowed for that user.

                    An absolute date specifying when the login may no longer
                    be used.

              flag  Reserved for future use, set to zero. Currently not used.

       The encrypted password consists of 13 characters chosen from a
       64-character alphabet (., /, 0-9, A-Z, a-z). To update this file, use
       the passwd(1), useradd(1M), usermod(1M), or  userdel(1M) commands.

       In order to make system administration manageable,  /etc/shadow entries
       should appear in exactly the same order as  /etc/passwd entries;  this
       includes ``+'' and ``-'' entries if the compat source is being used
       (see nsswitch.conf(4)).

             shadow password file

             password file

             name-service switch configuration file

       login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M),
       getspnam(3C), putspent(3C), nsswitch.conf(4), passwd(4)

       If password aging is turned on in any name service the passwd: line in
       the /etc/nsswitch.conf file must have a format specified in the
       nsswitch.conf(4) man page.

       If the /etc/nsswitch.conf passwd policy is not in one of the supported
       formats, logins will not be allowed upon password expiration because
       the software does not know how to handle password updates under these
       conditions. See nsswitch.conf(4) for additional information.

SunOS 5.9                         30 Nov 2001                        shadow(4)


Want to link to this manual page? Use this URL:

home | help