/etc/shadow

With a shadowed password scheme in use, the /etc/passwd file typically shows a character such as '*', or 'x' in the password field for each user instead of the hashed password, and /etc/shadow usually contains the following user information:

jsmith:$1$geoDOQv.$IFyZ/5iO6bCptW5xAp6E6/:3:2:5:7:10:23984:

• User login name
• salt and hashed password OR a status exception value e.g.:
  • "NP" or "!" or null - No password, the account has no password.
  • "LK" or "*" - the account is Locked, user will be unable to log-in
  • "!!" - the password has expired
• Days since epoch of last password change
• Days until change allowed
• Days before change required
• Days warning for expiration
• Days before account inactive
• Days since Epoch when account expires
• Reserved

While the most important information in the shadow file consists of the salt and the hashed password, the file usually contains other fields as well, such as the last time the password was changed, when the password will expire, and whether the account is disabled. The format of the shadow file is simple, and basically identical to that of the password file, to wit, one line per user, ordered fields on each line, and fields separated by colons. Many systems require the order of user lines in the shadow file be identical to the order of the corresponding users in the password file.