4. /etc/shadow
The /etc/shadow file is used to store information about user authentication. It requires superuser read permissions.
$ sudo cat /etc/shadowroot:MyEPTEa$6Nonsense:15000:0:99999:7:::
You'll notice that it looks very similar to the contents of /etc/passwd, however in the password field you'll see an encrypted password. The fields are separated by colons as followed:
- Username
- Encrypted password
- Date of last password changed - expressed as the number of days since Jan 1, 1970. If there is a 0 that means the user should change their password the next time they login
- Minimum password age - Days that a user will have to wait before being able to change their password again
- Maximum password age - Maximum number of days before a user has to change their password
- Password warning period - Number of days before a password is going to expire
- Password inactivity period - Number of days after a password has expired to allow login with their password
- Account expiration date - date that user will not be able to login
- Reserved field for future use
In most distributions today, user authentication doesn't rely on just the /etc/shadow file, there are other mechanisms in place such as PAM (Pluggable Authentication Modules) that replace authentication.
Exercises
Take a look at the /etc/shadow file