/etc/shadow is a text file that contains secure user information such as:
The public user information are stored in the /etc/passwd file.
The shadow file is readable only by the root account
It's used by the standard Unix authentication mechanism. See the PAM module PAM_UNIX
One line by user where fields are separated by : colon characters
userName:password:10063:0:99999:7:::
| Field | Short description | Long |
|---|---|---|
| userName | username | max 8 character, the username that matches the username of /etc/passwd |
| password | password | 13 character encrypted * A blank entry (eg. ::) indicates a password is not required to log in * A * indicates the account has been disabled. * !! or ! : no password has been given (the account is locked) |
| 10063 | last password change | the number of days (since January 1, 1970) since the password was last changed. |
| 0 | days until change allowed | The number of days before password may be changed (0 indicates it may be changed at any time) |
| 99999 | days before change required | 99999 indicates user can keep his or her password unchanged for many, many years |
| 7 | days warning for expiration | The number of days to warn user of an expiring password (7 for a full week) |
| days before account inactive | The number of days after password expires that account is disabled | |
| date when account expires | The number of days since January 1, 1970 that an account has been disabled | |
| reserved for future use | A reserved field for possible future use |