shadow(4)shadow(4)NAMEshadow - shadow password file
SYNOPSISDESCRIPTION
The file is created from the file by the command. It is readable only
by a privileged user. It can be modified by the and commands. Pro‐
grams may use the interfaces described in the getspent(3C) manpage to
access this information. These functions return a pointer to an struc‐
ture, which is defined in the header file.
Fields
The file is an ASCII file consisting of any number of user entries sep‐
arated by newlines. Each user entry line consists of the following
fields separated by colons:
login name Each login name must match a login name in puts the
user entries in in the same order as the entries.
encrypted password
The password field of each entry contains an "x", and the
actual encrypted passwords reside in The encrypted pass‐
word field consists of 13 characters chosen from a
64-character set of "digits". The characters used to
represent "digits" are for 0, for 1, through for 2
through 11, through for 12 through 37, and through for 38
through 63.
If the SHA11i3 product is installed, the password field
may contain the prefix , where n is a label identifying
an alternative algorithm used for the password hash.
Using the new algorithm results in an encrypted password
field which is longer than 13 characters. The password
field will consist of digits from the same 64-character
set, as well as the additional character used as a delim‐
iter.
If this field is null, then there is no password and no
password is demanded on login. Login can be prevented by
entering a character that is not a part of the set of
digits (such as *).
last change
The number of days since January 1, 1970 that the pass‐
word was last modified.
min days
The minimum period in days that must expire before the
password can be changed. See also in security(4) and the
command in passwd(1).
max days
The maximum number of days for which a password is valid.
A user who attempts to login after his password has
expired is forced to supply a new one. If min days and
max days are both zero, the user is forced to change his
password the next time he logs in. If min days is
greater than max days, then the password cannot be
changed. These restrictions do not apply to the supe‐
ruser. See also in security(4) and the command in
passwd(1).
warn days
The number of days the user is warned before his password
expires. See also in security(4) and the command in
passwd(1).
inactivity
The maximum number of days of inactivity allowed. This
field is set with the option of either the or command.
If this value is greater than zero, then the account is
locked if there have been no logins to the account for at
least the specified number of days. If this value is
less than or equal to zero, the value is determined by
the attribute. See the description of in security(4).
expiration
The absolute number of days since Jan 1, 1970 after which
the account is no longer valid. A value of zero in this
field indicates that the account is locked.
reserved
The reserved field is always zero and is reserved for
future use.
Notes
The file is not applicable to a system which has been converted to a
trusted system.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems
functionality.
FILES
system password file
shadow password file
SEE ALSOlogin(1), passwd(1), pwconv(1M), pwunconv(1M), useradd(1M),
userdel(1M), usermod(1M), crypt(3C), getspent(3C), putspent(3C), nss‐
witch.conf(4), passwd(4), security(4).
shadow(4)