Manualshelf

HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals
351352353354355356357358359360
s
shadow(4) shadow(4)
NAME
shadow - shadow password file
SYNOPSIS
#include <shadow.h>
DESCRIPTION
The /etc/shadow file is created from the
/etc/passwd file by the pwconv command. It is readable
only by a privileged user. It can be modified by the
passwd, useradd, usermod, and userdel com-
mands. Programs may use the interfaces described in the getspent(3C) manpage to access this information.
These functions return a pointer to an
spwd
structure, which is defined in the <shadow.h> header file.
Fields
The
/etc/shadow file is an ASCII file consisting of any number of user entries separated by newlines.
Each user entry line consists of the following fields separated by colons:
login_name Each login_name must match a login name in
/etc/passwd . pwconv puts the
user entries in
/etc/shadow in the same order as the
/etc/passwd entries.
encrypted_password
The password field of each
/etc/passwd entry contains an "x", and the actual
encrypted passwords reside in /etc/shadow . The encrypted_password field con-
sists of 13 characters chosen from a 64-character set of "digits". The characters
used to represent "digits" are
. for 0, / for 1,
0 through 9 for 2 through 11, A
through Z for 12 through 37, and a through z for 38 through 63.
If the SHA product is installed, the password field may contain the prefix
$n$,
where n is a label identifying an alternative algorithm used for the password hash.
Using the new algorithm results in an encrypted password field which is longer
than 13 characters. The password field will consist of digits from the same 64-
character set, as well as the additional
$ character used as a delimiter.
If this field is null, then there is no password, and no password is demanded on
login. Login can be prevented by entering a character that is not in the set of
digits (for example, "*").
last_change The number of days since January 1, 1970 that the password was last modified.
min_days The minimum period in days that must expire before the password can be changed.
See also PASSWORD_MINDAYS
in security(4) and the passwd -n command in
passwd(1).
max_days The maximum number of days for which a password is valid. A user who attempts
to login after his password has expired is forced to supply a new one. If min_days
and max_days are both zero, the user is forced to change his password the next
time he logs in. If min_days is greater than max_days, then the password cannot
be changed. These restrictions do not apply to the superuser. See also
PASSWORD_MAXDAYS in security(4) and the
passwd -x command in
passwd(1).
warn_days The number of days the user is warned before his password expires. See also
PASSWORD_WARNDAYS in security(4) and the passwd -w command in
passwd(1).
inactivity The maximum number of days of inactivity allowed. This field has meaning only if
the TrustedMigration product is installed. This field is set with the -f option of
either the
useradd or usermod command. If this value is greater than zero,
then the account is locked if there have been no logins to the account for at least
the specified number of days. If this value is less than or equal to zero, the value is
determined by the INACTIVITY_MAXDAYS attribute. See the description of
INACTIVITY_MAXDAYS in security(4).
expiration The absolute number of days since Jan 1, 1970 after which the account is no longer
valid. A value of zero in this field indicates that the account is locked.
reserved The reserved field is always zero and is reserved for future use.
HP-UX 11i Version 2: December 2007 Update 1 Hewlett-Packard Company 355