Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
shadow(4)			 File Formats			     shadow(4)

       shadow -	shadow password	file

       /etc/shadow  is	an  access-restricted  ASCII  system  file that	stores
       users' encrypted	passwords and related information. The shadow file can
       be  used	 in  conjunction  with other shadow sources, including the NIS
       maps  passwd.byname and	passwd.byuid and the NIS+ table	 passwd.  Pro-
       grams use the getspnam(3C) routines to access this information.

       The  fields  for	 each user entry are separated by colons. Each user is
       separated from the next by a  newline.  Unlike  the  /etc/passwd	 file,
       /etc/shadow does	not have general read permission.

       Each entry in the shadow	file has the form:

       username:password:lastchg: min:max:warn:	inactive:expire:flag

       The fields are defined as follows:

		    The	user's login name (UID).

		    A  13-character  encrypted	password  for the user,	a lock
		    string to indicate that the	login is not accessible, or no
		    string,  which shows that there is no password for the lo-

		    The	lock string is defined as *LK* in the first four char-
		    acters of the password field.

		    The	 number	 of days between January 1, 1970, and the date
		    that the password was last modified.

	      min   The	minimum	 number	 of  days  required  between  password

	      max   The	maximum	number of days the password is valid.

	      warn  The	 number	 of days before	password expires that the user
		    is warned.

		    The	number of days of inactivity allowed for that user.

		    An absolute	date specifying	when the login may  no	longer
		    be used.

	      flag  Reserved for future	use, set to zero. Currently not	used.

       The encrypted password consists of 13 characters	chosen from a 64-char-
       acter alphabet (., /, 0-9, A-Z, a-z). To	 update	 this  file,  use  the
       passwd(1), useradd(1M), usermod(1M), or	userdel(1M) commands.

       In order	to make	system administration manageable,  /etc/shadow entries
       should appear in	exactly	the same order as  /etc/passwd entries;	  this
       includes	 ``+''	and  ``-''  entries if the compat source is being used
       (see nsswitch.conf(4)).

	     shadow password file

	     password file

	     name-service switch configuration file

       login(1),  passwd(1),  useradd(1M),  userdel(1M),  usermod(1M),	getsp-
       nam(3C),	putspent(3C), nsswitch.conf(4),	passwd(4)

       If  password aging is turned on in any name service the passwd: line in
       the /etc/nsswitch.conf file must	have a format specified	 in  the  nss-
       witch.conf(4) man page.

       If  the /etc/nsswitch.conf passwd policy	is not in one of the supported
       formats,	logins will not	be allowed upon	 password  expiration  because
       the  software  does not know how	to handle password updates under these
       conditions. See nsswitch.conf(4)	for additional information.

SunOS 5.9			  30 Nov 2001			     shadow(4)


Want to link to this manual page? Use this URL:

home | help