/etc/shadow

Understanding /etc/shadow format

Each line of /etc/shadow has nine colon-separated fields:

  • Username: The user's login name. It must be a valid account name that exists on the system.

  • Encrypted Password: The password hash, which contains three parts: hash_algorithm, hash_salt, and hash_data.

  • Date of last password change: The date of the last password change, expressed as the number of days since Jan 1, 1970.

  • Minimum password age: The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again.

  • Maximum password age: The maximum password age is the number of days after which the user will have to change her password.

  • Password warning period: The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned.

  • Password inactivity period: The number of days after a password has expired during which the password should still be accepted. Once the password has expired and this period has elapsed, no login is possible using the current user’s password.

  • Account expiration date: The date of expiration of the account, expressed as the number of days since Jan 1, 1970.

  • Reserved field: Not used or reserved for future use.

Example of /etc/shadow file

root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0:17298:0:99999:7:::
daemon:*:17298:0:99999:7:::
bin:*:17298:0:99999:7:::
sys:*:17298:0:99999:7:::
sync:*:17298:0:99999:7:::
games:*:17298:0:99999:7:::
man:*:17298:0:99999:7:::
lp:*:17298:0:99999:7:::
mail:*:17298:0:99999:7:::
news:*:17298:0:99999:7:::
uucp:*:17298:0:99999:7:::
proxy:*:17298:0:99999:7:::
www-data:*:17298:0:99999:7:::
backup:*:17298:0:99999:7:::
list:*:17298:0:99999:7:::
irc:*:17298:0:99999:7:::
gnats:*:17298:0:99999:7:::
nobody:*:17298:0:99999:7:::
libuuid:!:17298:0:99999:7:::
Debian-exim:!:17298:0:99999:7:::
sshd:*:17298:0:99999:7:::
user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjwYpT2O1zrR2xTROv7wRIkF8.:17298:0:99999:7:::
statd:*:17299:0:99999:7:::
mysql:!:18133:0:99999:7:::

Understanding password format

+------+------------------------+
| Code |        Algorithm       |
+------+------------------------+
|  $1  | MD5 hashing algorithm  |
|  $2  | Blowfish Algorithm     |
|  $3  | Eksblowfish Algorithm  |
|  $4  | NT hashing algorithm   |
|  $5  | SHA-256 Algorithm      |
|  $6  | SHA-512 Algorithm      |
+------+------------------------+
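
The field layout and the three-part password format described above can be checked with a small parser. This is an added example, not part of the original page; the function names are illustrative, the sample lines are copied from the example file above, and only the three-part `$hash_algorithm$hash_salt$hash_data` form is handled.

```python
from datetime import date, timedelta

FIELDS = ("username", "password", "last_change", "min_age", "max_age",
          "warn_period", "inactivity_period", "account_expires", "reserved")
DAY_FIELDS = ("min_age", "max_age", "warn_period", "inactivity_period")
# Subset of the codes in the table above; any other code is reported as-is.
ALGORITHMS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}

# Three lines copied from the example file above.
SAMPLE = [
    "root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0:17298:0:99999:7:::",
    "daemon:*:17298:0:99999:7:::",
    "mysql:!:18133:0:99999:7:::",
]


def days_to_date(value):
    """Days since Jan 1, 1970 -> date; an empty field means 'not set'."""
    return date(1970, 1, 1) + timedelta(days=int(value)) if value else None


def parse_hash(field):
    """Split $hash_algorithm$hash_salt$hash_data; None if not in that form."""
    parts = field.split("$")
    if len(parts) != 4 or parts[0]:
        return None  # e.g. '*' or '!': the field holds no hash in this form
    code, salt, data = parts[1:]
    return {"algorithm": ALGORITHMS.get(code, "$" + code),
            "salt": salt, "hash_data": data}


def parse_shadow_line(line):
    """Parse one shadow line into a dict keyed by the nine field names."""
    values = line.rstrip("\n").split(":")
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    entry = dict(zip(FIELDS, values))
    entry["hash"] = parse_hash(entry["password"])
    for name in ("last_change", "account_expires"):
        entry[name] = days_to_date(entry[name])
    for name in DAY_FIELDS:
        entry[name] = int(entry[name]) if entry[name] else None
    return entry


if __name__ == "__main__":
    for line in SAMPLE:
        e = parse_shadow_line(line)
        algo = e["hash"]["algorithm"] if e["hash"] else "no hash"
        print(e["username"], algo, e["last_change"], e["max_age"])
```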

Generating a correct password for /etc/shadow

# SHA-256 ($5)
user@debian:~/tools/mysql-udf$ mkpasswd -m sha-256 test
$5$Sv0IvZAwoe$DFe8hz9Iw4odgDgi8V3Mi41m7IkL0dRM8w6AOkHt3tD

# SHA-512 ($6)
user@debian:~/tools/mysql-udf$ mkpasswd -m sha-512 test
$6$xWsFso5Bwf4yg$qIsFuPDaqSfJ0ZOZsnew00/0HkppzwU0nyuDVJOM/unZRfYIoz1nMA6NLLyj8Y8GsNdNEbJIjnPWxNyign3Lw.
