shadow(5) man page - WindyHana's Solanara

shadow(5)                        File Formats                        shadow(5)



NAME
       shadow - shadow password file

DESCRIPTION
       /etc/shadow  is  an  access-restricted  ASCII  system  file that stores
       users' hashed passwords and related information. The shadow file can be
       used  in  conjunction with other shadow sources, including the NIS maps
       passwd.byname and passwd.byuid or  password  data  stored  on  an  LDAP
       server.  Programs use the getspnam(3C) routines to access this informa‐
       tion. Shell scripts use the getent(8) command to access  this  informa‐
       tion.


       Unlike  the  /etc/passwd  file,  /etc/shadow does not have general read
       permission.


       The fields for each user entry are separated by colons.  Each  user  is
       separated  from the next by a newline. Each entry in the shadow file is
       a single line of the form:

         username:password:lastchg:min:max:warn:inactive:expire:flag



       The fields are defined as follows:

       username    The user's login name (UID).


       password    A cryptographically hashed password for the user  generated
                   by  crypt(3C)  or pwhash(1), a lock string to indicate that
                   the login is not accessible, or no string, which shows that
                   there is no password for the login.

                   The  lock string is defined as *LK* in the first four char‐
                   acters of the password field if the  account  was  manually
                   locked, or *AL* if the account was automatically locked due
                   to the number of authentication failures reaching the  con‐
                   figured    maximum    allowed.   See   policy.conf(5)   and
                   user_attr(5).


       lastchg     The number of days between January 1, 1970,  and  the  date
                   that the password was last modified. The lastchg value is a
                   decimal number, as interpreted by strtol(3C).


       min         The  minimum  number  of  days  required  between  password
                   changes.  This  field  must  be set to 0 or above to enable
                   password aging.


       max         The maximum number of days the password is valid.


       warn        The number of days before password expires that the user is
                   warned.


       inactive    The  number  of  days  of inactivity allowed for that user.
                   This is counted on a  per-machine  basis;  the  information
                   about  the  last  login is taken from the machine's lastlog
                   file.


       expire      An absolute date expressed as the number of days since  the
                   UNIX  Epoch  (January 1, 1970). When this number is reached
                   the login can no longer be used.  For  example,  an  expire
                   value of 17410 specifies a login expiration of September 1,
                   2017.


       flag        Reserved. May be set to  arbitrary  values.  Traditionally,
                   the low-order four bits are a failed login count.

                   The  bits in the remainder may or may not be zero. They may
                   be used at any time for any other purposes.



       A value of −1 for min, max, or warn disables password aging.


       The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN char‐
       acters  chosen  from a 64-character alphabet (., /, 0-9, A-Z, a-z). Two
       additional special characters: the dollar sign ($) and the  comma  (,),
       can also be used and are defined in crypt(3C).


       To  update  this file, use the passwd(1), useradm(8), useradd(8), user‐
       mod(8),  or  userdel(8)  commands;  the  pam_chauthtok(3PAM)  or  user‐
       mgr-1(3RAD) APIs; or the Oracle Solaris Account Management BUI.


       To  make  system  administration manageable, /etc/shadow entries should
       appear in exactly the same order as /etc/passwd entries.


       Values for the various time-related fields are interpreted  as  Coordi‐
       nated Universal Time (UTC).
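
       The entry format above, worked through as an added example (not part
       of the original man page): a small audit parser that splits an entry
       into the nine fields, classifies the password field, converts day
       counts to UTC dates, and reports entries worth reviewing. The finding
       strings, function names and sample entries are constructed for
       illustration.

```python
from datetime import date, timedelta

FIELDS = "username password lastchg min max warn inactive expire flag".split()
EPOCH = date(1970, 1, 1)
HASH_CHARS = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 "abcdefghijklmnopqrstuvwxyz$,")

def days_to_date(value):
    """Days since January 1, 1970 (UTC) -> date; an empty field is unset."""
    return EPOCH + timedelta(days=int(value)) if value else None

def password_state(field):
    """Classify the password field; the hash test is a character-set check only."""
    if field == "":
        return "no-password"
    for prefix, state in (("*LK*", "locked-manual"), ("*AL*", "locked-auto")):
        if field.startswith(prefix):
            return state
    return "hashed" if set(field) <= HASH_CHARS else "unrecognized"

def parse_entry(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def audit(line, today):
    """Return (username, findings); 'today' is the current UTC date."""
    e = parse_entry(line)
    findings = []
    if password_state(e["password"]) == "no-password":
        findings.append("no password set")
    if any(e[k] == "-1" for k in ("min", "max", "warn")):
        findings.append("password aging disabled")
    expire = days_to_date(e["expire"])
    if expire is not None and expire <= today:
        findings.append(f"login expired {expire.isoformat()}")
    failed = int(e["flag"] or 0) & 0xF  # traditional low-order four bits
    if failed:
        findings.append(f"failed logins: {failed}")
    return e["username"], findings

# Constructed sample entries (not real accounts or hashes).
SAMPLE = ["alice:$5$CONSTRUCTED$NotARealHash:18758:0:90:7:::",
          "bob:*LK*:::::::",
          "carol::18000:-1:-1:-1::17410:3"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry, today=date(2021, 5, 11)))
```

       On a live system, feed it lines obtained through getent(8) with
       sufficient privilege rather than reading /etc/shadow directly.
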

AUTHORIZATIONS
       The  authorizations,  as defined in user_attr(5), which are required to
       modify the various shadow fields are as follows:


       Field      Operation                              Authorization
       ---------------------------------------------------------------------------
       password   change one's own password              none required
       password   change another user's password         solaris.passwd.assign
       password   delete, set no login                   solaris.passwd.assign
       password   set initial password for a newly       solaris.account.activate
                  created account
       password   lock, unlock existing account          solaris.account.setpolicy
       min        set min days for password change       solaris.account.setpolicy
       max        set max days for password change       solaris.account.setpolicy
       warn       set max days for password change       solaris.account.setpolicy
       inactive   set inactivity days allowed            solaris.account.setpolicy
       expire     set account expiry date                solaris.account.setpolicy


FILES
       /etc/shadow           Shadow password file


       /etc/passwd           Password file


       /etc/nsswitch.conf    Name-service switch configuration file


       /var/adm/lastlog      Time of last login


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE         ATTRIBUTE VALUE
       ---------------------------------------
       Interface Stability    Committed


SEE ALSO
       login(1),   passwd(1),  pwhash(1),  strtol(3C),  crypt(3C),  crypt_gen‐
       salt(3C),  getspnam(3C),   putspent(3C),   pam_chauthtok(3PAM),   user‐
       mgr-1(3RAD),      nsswitch.conf(5),      passwd(5),      attributes(7),
       pam_unix_account(7),    pam_unix_auth(7),    useradm(8),    useradd(8),
       userdel(8), usermod(8)


       Managing User Accounts and User Environments in Oracle Solaris 11.4

NOTES
       If password aging is turned on in any name service, the passwd: line in
       the /etc/nsswitch.conf file must have a format specified  in  the  nss‐
       witch.conf(5) man page.


       If the /etc/nsswitch.conf  passwd policy is not in one of the supported
       formats, logins will not be allowed upon password  expiration,  because
       the  software  does not know how to handle password updates under these
       conditions. See nsswitch.conf(5) for additional information.



Oracle Solaris 11.4               11 May 2021                        shadow(5)
Copyright of the man page content belongs to the man page's author.