The ‘/etc/shadow‘ file in Linux contains password and password related information of users listed in the /etc/passwd file.
An entry in /etc/shadow file contains nine entries/fields and looks like:
a → Username
The user name of whose the entry contains the password details.
b → Password
it is the encrypted password. The password can include special characters, digits, lower case alphabets, upper case alphabets and several other characters. Usually password format is set to ‘$id$salt$hashed’, The $id is the algorithm used in GNU/Linux for hashing. The value of id tells us about the hashing algorithm used. The id along with its hashing algorithm are as follows:
$1$ is MD5
$2a$ is Blowfish
$2y$ is eksBlowfish
$5$ is SHA-256
$6$ is SHA-512
- !! or ! indicates that account is present but there is no password set for it. So user can not login if password field is set to this values
- :*: indicates that the account was disable
- :: indicates that user can login without password. in other words we can say password is removed or the password field is empty
c → Date Password Last Changed
Indicates the number of days since January 1, 1970 (also called the epoch) when the password was last changed. This information is used in conjunction with the password aging fields that follow this field.
d → Number of days before password can be changed
The minimum number of days that must pass before which the password can be changed.
e → Number of days before a password change is required
The number of days before which the password must be changed.
f → Number of days warning before password change
The number of days before password expiration during which the user will be warned to change the password.
g → Number of days before the account is disabled
The number of days after a password expires before the account will be disabled.
h→ Date since the account has been disabled
The date (stored as the number of days since the epoch) since the user account has been disabled.
i → A reserved field for future purpose
A field that is currently ignored i.e. reserved field for further use.