Hallo, dies ist ein Test.

PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html

Running in File Mode
Relative path: ./../../../../../../usr/./man/man5/shadow.5
Real path: /usr/share/man/man5/shadow.5
Zurück

'\" te
.\" Copyright (c) 1989, AT&T. All rights reserved.
.\" Copyright (c) 2011, 2022, Oracle and/or its affiliates.
.TH shadow 5 "6 Oct 2022" "Oracle Solaris 11.4" "File Formats"
.SH NAME
shadow \- shadow password file
.SH DESCRIPTION
.sp
.LP
\fB/etc/shadow\fR is an access-restricted ASCII system file that stores users' hashed passwords and related information. The shadow file can be used in conjunction with other shadow sources, including the \fBNIS\fR maps \fBpasswd.byname\fR and \fBpasswd.byuid\fR or password data stored on an LDAP server. Programs use the \fBgetspnam\fR(3C) routines to access this information. Shell scripts use the \fBgetent\fR(8) command to access this information. 
.sp
.LP
Unlike the \fB/etc/passwd\fR file, \fB/etc/shadow\fR does not have general read permission.
.sp
.LP
The fields for each user entry are separated by colons. Each user is separated from the next by a newline. Each entry in the shadow file is a single line of the form:
.sp
.in +2
.nf
\fIusername\fR:\fIpassword\fR:\fIlastchg\fR:\fImin\fR:\fImax\fR:\fIwarn\fR:\fIinactive\fR:\fIexpire\fR:\fIflag\fR
.fi
.in -2
.sp
.sp
.LP
The fields are defined as follows:
.sp
.ne 2
.mk
.na
\fB\fIusername\fR\fR
.ad
.RS 12n
.rt
The user's login name (UID).
.RE

.sp
.ne 2
.mk
.na
\fB\fIpassword\fR\fR
.ad
.RS 12n
.rt
A cryptographically hashed password for the user generated by \fBcrypt\fR(3C) or \fBpwhash\fR(1), a \fIlock\fR string to indicate that the login is not accessible, or no string, which shows that there is no password for the login.
.sp
The lock string is defined as \fB*LK*\fR in the first four characters of the password field if the account was manually locked, or \fB*AL*\fR if the account was automatically locked due to the number of authentication failures reaching the configured maximum allowed. See \fBpolicy.conf\fR(5) and \fBuser_attr\fR(5). 
.RE

.sp
.ne 2
.mk
.na
\fB\fIlastchg\fR\fR
.ad
.RS 12n
.rt
The number of days between January 1, 1970, and the date that the password was last modified. The \fIlastchg\fR value is a decimal number, as interpreted by \fBstrtol\fR(3C).
.RE

.sp
.ne 2
.mk
.na
\fB\fImin\fR\fR
.ad
.RS 12n
.rt
The minimum number of days required between password changes. This field must be set to 0 or above to enable password aging.
.RE

.sp
.ne 2
.mk
.na
\fB\fImax\fR\fR
.ad
.RS 12n
.rt
The maximum number of days the password is valid.
.RE

.sp
.ne 2
.mk
.na
\fB\fIwarn\fR\fR
.ad
.RS 12n
.rt
The number of days before password expires that the user is warned.
.RE

.sp
.ne 2
.mk
.na
\fB\fIinactive\fR\fR
.ad
.RS 12n
.rt
The number of days of inactivity allowed for that user. This is counted on a per-machine basis; the information about the last login is taken from the machine's \fBlastlog\fR file. 
.RE

.sp
.ne 2
.mk
.na
\fB\fIexpire\fR\fR
.ad
.RS 12n
.rt
An absolute date expressed as the number of days since the UNIX Epoch (January 1, 1970). When this number is reached the login can no longer be used. For example, an \fIexpire\fR value of \fB17410\fR specifies a login expiration of September 1, 2017. 
.RE

.sp
.ne 2
.mk
.na
\fB\fIflag\fR\fR
.ad
.RS 12n
.rt
Reserved. May be set to arbitrary values. Traditionally, the low order for bits are a failed login count.
.sp
The bits in the remainder may or may not be zero. They may be used at any time for any other purposes.
.RE

.sp
.LP
A value of \fB\(mi1\fR for \fImin\fR, \fImax\fR, or \fIwarn\fR disables password aging.
.sp
.LP
The encrypted password consists of at most \fBCRYPT_MAXCIPHERTEXTLEN\fR characters chosen from a 64-character alphabet (\fB.\fR, \fB/\fR, \fB0-9\fR, \fBA-Z\fR, \fBa-z\fR). Two additional special characters: the dollar sign (\fB$\fR) and the comma (\fB,\fR), can also be used and are defined in \fBcrypt\fR(3C).
.sp
.LP
To update this file, use the \fBpasswd\fR(1), \fBuseradm\fR(8), \fBuseradd\fR(8), \fBusermod\fR(8), or \fBuserdel\fR(8) commands; the \fBpam_chauthtok\fR(3PAM) or \fBusermgr-1\fR(3rad) APIs; or the Oracle Solaris Account Management BUI.
.sp
.LP
To make system administration manageable, \fB/etc/shadow\fR entries should appear in exactly the same order as \fB/etc/passwd\fR entries.
.sp
.LP
Values for the various time-related fields are interpreted as Coordinated Universal Time (\fBUTC\fR). 
.SH AUTHORIZATIONS
.sp
.LP
The authorizations, as defined in \fBuser_attr\fR(5), which are required to modify the various shadow fields are as follows:
.sp
.TS
tab(
);
lw(0.55i) lw(2.75i) lw(2.2i) 
lw(0.55i) lw(2.75i) lw(2.2i) 
.
Field
Operation
Authorization
_
\fIpassword\fR
change one's own password
none required
\fIpassword\fR
change another user's password
\fBsolaris.passwd.assign\fR
\fIpassword\fR
delete, set no login
\fBsolaris.passwd.assign\fR
\fIpassword\fR
T{
set initial password for a newly created account
T}
\fBsolaris.account.activate\fR
\fIpassword\fR
lock, unlock existing account
\fBsolaris.account.setpolicy\fR
\fImin\fR
set min days for password change
\fBsolaris.account.setpolicy\fR
\fImax\fR
set max days for password change
\fBsolaris.account.setpolicy\fR
\fIwarn\fR
set max days for password change
\fBsolaris.account.setpolicy\fR
\fIinactive\fR
set inactivity days allowed
\fBsolaris.account.setpolicy\fR
\fIexpire\fR
set account expiry date
\fBsolaris.account.setpolicy\fR
.TE
.sp
.SH FILES
.sp
.ne 2
.mk
.na
\fB\fB/etc/shadow\fR\fR
.ad
.RS 20n
.rt
Shadow password file
.RE

.sp
.ne 2
.mk
.na
\fB\fB/etc/passwd\fR\fR
.ad
.RS 20n
.rt
Password file
.RE

.sp
.ne 2
.mk
.na
\fB\fB/var/adm/lastlog\fR\fR
.ad
.RS 20n
.rt
Time of last login
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp
.TS
tab(
) box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPE
ATTRIBUTE VALUE
_
Interface Stability
Committed
.TE
.sp
.SH SEE ALSO
.sp
.LP
\fBlogin\fR(1), \fBpasswd\fR(1), \fBpwhash\fR(1), \fBstrtol\fR(3C), \fBcrypt\fR(3C), \fBcrypt_gensalt\fR(3C), \fBgetspnam\fR(3C), \fBputspent\fR(3C), \fBpam_chauthtok\fR(3PAM), \fBusermgr-1\fR(3rad), \fBnsswitch.conf\fR(5), \fBpasswd\fR(5), \fBattributes\fR(7), \fBpam_unix_account\fR(7), \fBpam_unix_auth\fR(7), \fBuseradm\fR(8), \fBuseradd\fR(8), \fBuserdel\fR(8), \fBusermod\fR(8)
.sp
.LP
\fIManaging User Accounts and User Environments in Oracle Solaris 11.4\fR
.SH NOTES
.sp
.LP
If password aging is turned on in any name service the \fIpasswd:\fR line in the \fB/etc/nsswitch.conf\fR file must have a format specified in the \fBnsswitch.conf\fR(5) man page.
.sp
.LP
If the \fB/etc/nsswitch.conf\fR  \fBpasswd\fR policy is not in one of the supported formats, logins will not be allowed upon password expiration, because the software does not know how to handle password updates under these conditions. See \fBnsswitch.conf\fR(5) for additional information.