The encrypted user passwords are stored in /etc/shadow. Information about password expiry is kept in this file as well. Listing 5-2 shows an example of its contents.

Listing 5-2. /etc/shadow

postfix:!:13126:0:99999:7:::

Like the lines in /etc/passwd, the lines in /etc/shadow are divided into fields. For an average administrator, only the first two fields matter. The first field stores the name of the user, and the second field stores the encrypted password. Note that in the encrypted password field, you can use an ! and an * as well. If an ! is used, the login is currently disabled. If an * is used, it is a system account that can be used to start services, but that is not allowed for interactive shell login. Also note that by default an encrypted password is stored here, but it is perfectly possible to store a nonencrypted password as well. The following is an enumeration of the fields used in the lines in /etc/shadow:

• Encrypted password

• Days since Jan 1, 1970, that password was last changed

• Days before the password can be changed

• Days after which the password must be changed

• Days before the password is to expire that user is warned

• Days after the password expires that the account is disabled

• Days since Jan 1, 1970, that the account is disabled

• Reserved field
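
The field layout above can be checked mechanically. The following Python sketch is an added example, not code from the original text: it splits a shadow line into the login name plus the fields listed above, classifies the password field by the ! and * markers, and converts the day counts into calendar dates. The function names, the "$" prefix test for a hashed value, and all sample lines except the postfix line from Listing 5-2 are assumptions made for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# Field order: login name first (as the text states), then the eight listed fields.
FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_day", "reserved")

def parse_shadow_line(line):
    """Split one /etc/shadow line into named fields; aging fields become int or None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def password_state(field):
    """Classify the second field using the markers described in the text."""
    if field.startswith("!"):
        return "login-disabled"
    if field.startswith("*"):
        return "no-interactive-login"
    if field.startswith("$"):   # assumption: modular crypt format "$id$salt$hash"
        return "hashed"
    return "review"             # empty, legacy DES hash, or a nonencrypted value

def to_date(days):
    """Convert a count of days since Jan 1, 1970 into a calendar date."""
    return None if days is None else EPOCH + timedelta(days=days)

def summarize(line):
    """Return the audit-relevant view of one line: state plus decoded dates."""
    e = parse_shadow_line(line)
    must = None
    if e["last_change"] is not None and e["max_days"] is not None:
        must = to_date(e["last_change"] + e["max_days"])
    return {"name": e["name"], "state": password_state(e["password"]),
            "last_changed": to_date(e["last_change"]), "must_change": must,
            "account_expires": to_date(e["expire_day"])}

SAMPLE = [
    "postfix:!:13126:0:99999:7:::",                                # Listing 5-2
    "daemon:*:18000:0:99999:7:::",                                 # constructed
    "alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:90:7:14::",  # constructed
    "bob:Summer2024:19500:0:99999:7:::",                           # constructed
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(summarize(line))
```

Entries reported as "review" are the ones to inspect by hand, since that state covers an empty field, an old-style hash without a "$" prefix, and a nonencrypted value.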

