SunOS man pages : shadow (4)
File Formats shadow(4)
shadow - shadow password file
/etc/shadow is an access-restricted ASCII system file that
stores users' encrypted passwords and related information.
The shadow file can be used in conjunction with other shadow
sources, including the NIS maps passwd.byname and
passwd.byuid and the NIS+ table passwd. Programs use the
getspnam(3C) routines to access this information.
The fields for each user entry are separated by colons. Each
user is separated from the next by a newline. Unlike the
/etc/passwd file, /etc/shadow does not have general read
Each entry in the shadow file has the form:
username:password:lastchg: min:max:warn: inactive:expire:flag
The fields are defined as follows:
The user's login name (UID).
A 13-character encrypted password for the user, a lock
string to indicate that the login is not accessible,
or no string, which shows that there is no password
for the login.
The number of days between January 1, 1970, and the
date that the password was last modified.
min The minimum number of days required between password
max The maximum number of days the password is valid.
warn The number of days before password expires that the
user is warned.
The number of days of inactivity allowed for that
An absolute date specifying when the login may no
longer be used.
flag Reserved for future use, set to zero. Currently not
SunOS 5.8 Last change: 10 Dec 1991 1
File Formats shadow(4)
The encrypted password consists of 13 characters chosen from
a 64-character alphabet (., /, 0-9, A-Z, a-z). To update
this file, use the passwd(1), useradd(1M), usermod(1M), or
In order to make system administration manageable,
/etc/shadow entries should appear in exactly the same order
as /etc/passwd entries; this includes ``+'' and ``-''
entries if the compat source is being used (see
shadow password file
name-service switch configuration file
login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M),
getspnam(3C), putspent(3C), nsswitch.conf(4), passwd(4)
If password aging is turned on in any name service the
passwd: line in the /etc/nsswitch.conf file must have a for-
mat specified in the nsswitch.conf(4) man page.
If the /etc/nsswitch.conf passwd policy is not in one of the
supported formats, logins will not be allowed upon password
expiration because the software does not know how to handle
password updates under these conditions. See
nsswitch.conf(4) for additional information.
SunOS 5.8 Last change: 10 Dec 1991 2