shadow(5) File Formats shadow(5)
NAME
shadow - shadow password file
DESCRIPTION
/etc/shadow is an access-restricted ASCII system file that stores
users' hashed passwords and related information. The shadow file can be
used in conjunction with other shadow sources, including the NIS maps
passwd.byname and passwd.byuid or password data stored on an LDAP
server. Programs use the getspnam(3C) routines to access this
information. Shell scripts use the getent(8) command to access this
information.
Unlike the /etc/passwd file, /etc/shadow does not have general read
permission.
The fields for each user entry are separated by colons. Each user is
separated from the next by a newline. Each entry in the shadow file is
a single line of the form:
username:password:lastchg:min:max:warn:inactive:expire:flag
The fields are defined as follows:
username The user's login name (UID).
password A cryptographically hashed password for the user generated
by crypt(3C) or pwhash(1), a lock string to indicate that
the login is not accessible, or no string, which shows that
there is no password for the login.
The lock string is defined as *LK* in the first four
characters of the password field if the account was manually
locked, or *AL* if the account was automatically locked due
to the number of authentication failures reaching the
configured maximum allowed. See policy.conf(5) and
user_attr(5).
lastchg The number of days between January 1, 1970, and the date
that the password was last modified. The lastchg value is a
decimal number, as interpreted by strtol(3C).
min The minimum number of days required between password
changes. This field must be set to 0 or above to enable
password aging.
max The maximum number of days the password is valid.
warn The number of days before the password expires that the user
is warned.
inactive The number of days of inactivity allowed for that user.
This is counted on a per-machine basis; the information
about the last login is taken from the machine's lastlog
file.
expire An absolute date expressed as the number of days since the
UNIX Epoch (January 1, 1970). When this number is reached
the login can no longer be used. For example, an expire
value of 17410 specifies a login expiration of September 1,
2017.
flag Reserved. May be set to arbitrary values. Traditionally,
the low-order four bits are a failed login count.
The bits in the remainder may or may not be zero. They may
be used at any time for any other purposes.
A value of −1 for min, max, or warn disables password aging.
The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN
characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z). Two
additional special characters: the dollar sign ($) and the comma (,),
can also be used and are defined in crypt(3C).
To update this file, use the passwd(1), useradm(8), useradd(8),
usermod(8), or userdel(8) commands; the pam_chauthtok(3PAM) or
usermgr-1(3RAD) APIs; or the Oracle Solaris Account Management BUI.
To make system administration manageable, /etc/shadow entries should
appear in exactly the same order as /etc/passwd entries.
Values for the various time-related fields are interpreted as
Coordinated Universal Time (UTC).
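The field layout above lends itself to a small audit pass over shadow entries. The following is an added example, not part of the Oracle manual page: it parses the nine fields, classifies the password field (empty, *LK*, *AL*, or hash text) and evaluates account and password expiry in UTC. The function names, the "unrecognized" category and the sample entries are assumptions made for illustration.

```python
from datetime import date, datetime, timedelta, timezone

EPOCH = date(1970, 1, 1)
FIELDS = "username password lastchg min max warn inactive expire flag".split()
LOCKS = {"*LK*": "locked-manual", "*AL*": "locked-auto"}
HASH_CHARS = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 "abcdefghijklmnopqrstuvwxyz$,")

def parse_entry(line):
    """Split one shadow line into its nine named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def password_state(pw):
    """Classify the password field: empty, lock string, or hash text."""
    if pw == "":
        return "no-password"
    if pw[:4] in LOCKS:
        return LOCKS[pw[:4]]
    return "hashed" if set(pw) <= HASH_CHARS else "unrecognized"

def num(value):
    return int(value) if value else None  # empty field means unset

def audit(line, today=None):
    """Report lock state and expiry for one entry, evaluated in UTC."""
    e = parse_entry(line)
    today = today or datetime.now(timezone.utc).date()
    now = (today - EPOCH).days
    lastchg, max_days, expire = (num(e[k]) for k in ("lastchg", "max", "expire"))
    # max of -1 (or unset) means password aging is disabled
    aging = lastchg is not None and max_days is not None and max_days >= 0
    return {
        "username": e["username"],
        "state": password_state(e["password"]),
        "expire_date": None if expire is None else EPOCH + timedelta(days=expire),
        "account_expired": expire is not None and now >= expire,
        "password_expired": aging and now > lastchg + max_days,
    }

# Constructed sample entries (not real accounts or real hashes).
SAMPLE = ["alice:$5$constructedsalt$constructedhashvalue:18000:0:90:7::17410:",
          "bob:*LK*:18000::::::",
          "carol::18000:-1:-1:-1:::"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry, today=date(2021, 5, 11)))
```

Entries reported as no-password, or as hashed with neither expiry set, are the ones an account review would normally look at first.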
AUTHORIZATIONS
The authorizations, as defined in user_attr(5), which are required to
modify the various shadow fields are as follows:
Field     Operation                                         Authorization
--------------------------------------------------------------------------------------
password  change one's own password                         none required
password  change another user's password                    solaris.passwd.assign
password  delete, set no login                              solaris.passwd.assign
password  set initial password for a newly created account  solaris.account.activate
password  lock, unlock existing account                     solaris.account.setpolicy
min       set min days for password change                  solaris.account.setpolicy
max       set max days for password change                  solaris.account.setpolicy
warn      set max days for password change                  solaris.account.setpolicy
inactive  set inactivity days allowed                       solaris.account.setpolicy
expire    set account expiry date                           solaris.account.setpolicy
FILES
/etc/shadow Shadow password file
/etc/passwd Password file
/etc/nsswitch.conf Name-service switch configuration file
/var/adm/lastlog Time of last login
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE       ATTRIBUTE VALUE
------------------------------------
Interface Stability  Committed
SEE ALSO
login(1), passwd(1), pwhash(1), strtol(3C), crypt(3C),
crypt_gensalt(3C), getspnam(3C), putspent(3C), pam_chauthtok(3PAM),
usermgr-1(3RAD), nsswitch.conf(5), passwd(5), attributes(7),
pam_unix_account(7), pam_unix_auth(7), useradm(8), useradd(8),
userdel(8), usermod(8)
Managing User Accounts and User Environments in Oracle Solaris 11.4
NOTES
If password aging is turned on in any name service, the passwd: line in
the /etc/nsswitch.conf file must have a format specified in the
nsswitch.conf(5) man page.
If the /etc/nsswitch.conf passwd policy is not in one of the supported
formats, logins will not be allowed upon password expiration, because
the software does not know how to handle password updates under these
conditions. See nsswitch.conf(5) for additional information.
Oracle Solaris 11.4 11 May 2021 shadow(5)