Understanding /etc/shadow file

james163

Understanding /etc/shadow file
http://www.cyberciti.biz/faq/understanding-etcshadow-file/
by nixcraft [Last updated: June 3, 2008]
[/url]
Q. Can you explain /etc/shadow file used under Linux or UNIX?
A. /etc/shadow file stores actual password in encrypted format for user's account with additional properties related to user password i.e. it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in
[url=http://www.cyberciti.biz/faqs/2006/02/understanding-etcpasswd-file-format.php]/etc/passwd file
Generally, shadow file entry looks as follows (click to enlarge image):
/etc/shadow file fields

(Fig.01: /etc/shadow file fields)

User name : It is your login name

Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits

Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed

Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password

Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)

Warn : The number of days before password is to expire that user is warned that his/her password must be changed

Inactive : The number of days after password expires that account is disabled

Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used
The last 6 fields provides password aging and account lockout features (you need to use chage command to setup password aging). According to man page of shadow - the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64 character alphabet a through z, A through Z, 0 through 9, \. and /. Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.
                       
-->

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/21255/showart_1773827.html