shadow(4)			 File Formats			     shadow(4)

       shadow -	shadow password	file

       /etc/shadow  is	an  access-restricted  ASCII  system  file that	stores
       users' encrypted	passwords and related information. The shadow file can
       be  used	 in  conjunction  with other shadow sources, including the NIS
       maps  passwd.byname and	passwd.byuid and the NIS+ table	 passwd.  Pro-
       grams use the getspnam(3C) routines to access this information.

       The  fields  for	 each user entry are separated by colons. Each user is
       separated from the next by a  newline.  Unlike  the  /etc/passwd	 file,
       /etc/shadow does	not have general read permission.

       Each entry in the shadow	file has the form:

       username:password:lastchg:min:max:warn:inactive:expire:flag

       The fields are defined as follows:

	      username	The user's login name (UID).

	      password	A 13-character encrypted password for the user, a lock
			string to indicate that the login is not accessible, or no
			string, which shows that there is no password for the

			The lock string is defined as *LK* in the first four
			characters of the password field.

	      lastchg	The number of days between January 1, 1970, and the date
			that the password was last modified.

	      min	The minimum number of days required between password

	      max	The maximum number of days the password is valid.

	      warn	The number of days before password expires that the user
			is warned.

	      inactive	The number of days of inactivity allowed for that user.

	      expire	An absolute date specifying when the login may no longer
			be used.

	      flag	Reserved for future use, set to zero. Currently not used.

       The encrypted password consists of 13 characters	chosen from a 64-char-
       acter  alphabet	(.,  /,	 0-9,  A-Z, a-z). To update this file, use the
       passwd(1), useradd(1M), usermod(1M), or	userdel(1M) commands.
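
       The entry format and password-field rules described above, as an added
       audit example that is not part of the original manual page. It assumes
       expire is stored as a day count since January 1, 1970, like lastchg;
       the function names and sample entries are constructed for illustration.

```python
import re
from datetime import date, timedelta

FIELDS = "username password lastchg min max warn inactive expire flag".split()
CRYPT13 = re.compile(r"[./0-9A-Za-z]{13}")  # 64-character alphabet from the page
EPOCH = date(1970, 1, 1)


def parse_entry(line):
    """Split one shadow line into its nine colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for name in FIELDS[2:8]:  # day counts; an empty field means "not set"
        entry[name] = int(entry[name]) if entry[name] else None
    return entry


def password_state(pw):
    """Classify the password field the way the field description does."""
    if pw == "":
        return "no-password"
    if pw.startswith("*LK*"):
        return "locked"
    if CRYPT13.fullmatch(pw):
        return "crypt13"
    return "unrecognized"


def audit(line, today):
    """Findings as of `today`; assumes expire is a day count like lastchg."""
    e = parse_entry(line)
    state = password_state(e["password"])
    findings = [] if state == "crypt13" else [state]
    if e["lastchg"] is not None and e["max"] is not None and e["max"] >= 0:
        if today > EPOCH + timedelta(days=e["lastchg"] + e["max"]):
            findings.append("password-expired")
    if e["expire"] is not None and today > EPOCH + timedelta(days=e["expire"]):
        findings.append("account-expired")
    return findings


SAMPLE = [  # constructed entries, not real accounts or real hashes
    "alice:ab0123456789.:11656:0:90:7:::",
    "bob::11656::::::",
    "carol:*LK*:11656::::::",
    "dave:ab0123456789.:11000:0:30:7::11500:",
]
```

       Calling audit() on each SAMPLE line with a fixed date reports the
       entry with no password, the locked entry, and the entry whose password
       and login have both expired.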

       In order	to make	system administration manageable,  /etc/shadow entries
       should  appear in exactly the same order	as  /etc/passwd	entries;  this
       includes	``+'' and ``-''	entries	if the compat  source  is  being  used
       (see nsswitch.conf(4)).

	     /etc/shadow	 shadow password file

	     /etc/passwd	 password file

	     /etc/nsswitch.conf	 name-service switch configuration file

       login(1),  passwd(1),  useradd(1M),  userdel(1M),  usermod(1M),	getsp-
       nam(3C),	putspent(3C), nsswitch.conf(4),	passwd(4)

       If password aging is turned on in any name service the passwd: line  in
       the  /etc/nsswitch.conf	file  must have	a format specified in the nss-
       witch.conf(4) man page.

       If the /etc/nsswitch.conf passwd	policy is not in one of	the  supported
       formats,	 logins	 will  not be allowed upon password expiration because
       the software does not know how to handle	password updates  under	 these
       conditions. See nsswitch.conf(4)	for additional information.

SunOS 5.9			  30 Nov 2001			     shadow(4)

