Passwd
(4 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
+ | For more see the man pages: [http://linux.die.net/man/5/shadow] | ||
+ | |||
==/etc/shadow== | ==/etc/shadow== | ||
This file contains the password information for users. | This file contains the password information for users. | ||
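Review bot: the added man-page link on the first line is a bare bracketed URL, so it renders as an unlabelled "[1]" in the latest revision. Give it link text, for example [http://linux.die.net/man/5/shadow shadow(5)], so readers can see where it goes.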
Line 8: | Line 10: | ||
Format: | Format: | ||
− | {| | + | {|border=1 |
| username || upto 8 characters. a direct match to a line in <code>/etc/passwd</code> | | username || upto 8 characters. a direct match to a line in <code>/etc/passwd</code> | ||
|- | |- | ||
− | | password || blank indicates no password required. '<code>*</code>' indicates that the user has been disabled (may still <code>su</code> to that user though) | + | | password || blank indicates no password required.<br> |
− | + | '<code>*</code>' indicates that password authentication for the user is disabled (e.g: use pubkey)<br> | |
+ | '<code>!</code>' indicates that the user has been disabled (may still <code>su</code> to that user though)<br> | ||
Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.<br> | Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.<br> | ||
− | The field is then delimited by "$". The first field is the algorithm (1=MD5), the second is the salt, the third is the hashed password | + | The field is then delimited by "$". The first field is the algorithm (1=MD5), the second is the salt, the third is the hashed password.<br> |
− | + | <code>openssl passwd -1 -salt SPOk02ci</code>, enter 'hello' will result in:<br> | |
+ | <code>$1$SPOk02ci$kM3A6Yo4vJ4VGiCTx3vDX1</code><br> | ||
+ | Use a different salt, get a different hash. Don't provide a salt to generate one! | ||
|- | |- | ||
| change date || the number of days since 1 Jan 1970 | | change date || the number of days since 1 Jan 1970 |
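Review bot: the last added line of the password cell, "Don't provide a salt to generate one!", reads as a warning against supplying a salt when it means that leaving out -salt makes openssl pick one. Suggest rewording to something like "Omit -salt and a random salt is generated." In the same cell, "e.g:" on the '*' line should be "e.g.".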
Latest revision as of 09:57, 18 February 2014
For more see the man pages: http://linux.die.net/man/5/shadow
/etc/shadow
This file contains the password information for users.
Ubuntu's default root entry:
root:*:15386:0:99999:7:::
Format:
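username | up to 8 characters. A direct match to a line in /etc/passwd |
password | blank indicates no password required. '*' indicates that password authentication for the user is disabled (e.g. use pubkey). '!' indicates that the user has been disabled (may still su to that user though). Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example, if it starts with "$1$" it means the MD5-based algorithm was used. The field is then delimited by "$". The first field is the algorithm (1=MD5), the second is the salt, the third is the hashed password. Running openssl passwd -1 -salt SPOk02ci and entering 'hello' will result in: $1$SPOk02ci$kM3A6Yo4vJ4VGiCTx3vDX1. Use a different salt, get a different hash. Leave out the salt to have one generated! |
change date | the number of days since 1 Jan 1970 |
change delay | the number of days before the password may be changed. 0 indicates any time |
password expiry | the number of days before the user MUST change the password. 99999 indicates a long time |
number of days warning | before the user will be forced to change their password |
number of days before disable | after the password has expired. I assume blank is never |
expiry date | number of days since 1 Jan 1970 that the account was disabled |
reserved | - |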
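The field layout above, turned into a small parser that could be used when auditing a copy of the file for blank or MD5-hashed password fields. This is an added example, not part of the original wiki page; the function names are hypothetical, the alice and bob lines are constructed, and tolerating extra "$" parameters between the algorithm id and the salt is an assumption beyond what the page describes.

```python
from datetime import date, timedelta

FIELDS = ("username", "password", "change_date", "change_delay", "expiry",
          "warn_days", "disable_days", "expiry_date", "reserved")
ALGORITHMS = {"1": "MD5"}  # the only id the page names; others are reported as-is


def classify_password(field):
    """Describe the password field using the rules in the table above."""
    if field == "":
        return {"state": "no password required"}
    if field.startswith("*"):
        return {"state": "password authentication disabled"}
    if field.startswith("!"):
        return {"state": "user disabled"}
    if field.startswith("$"):
        parts = field.split("$")  # "$1$salt$hash" -> ["", "1", "salt", "hash"]
        if len(parts) >= 4:  # assumption: extra parameters may sit before the salt
            return {"state": "hashed", "salt": parts[-2], "hash": parts[-1],
                    "algorithm": ALGORITHMS.get(parts[1], parts[1])}
        return {"state": "unrecognised $ format"}
    return {"state": "hashed", "algorithm": "DES"}  # no "$" prefix


def days_to_date(value):
    """Convert a 'days since 1 Jan 1970' field to a date; blank means unset."""
    return date(1970, 1, 1) + timedelta(days=int(value)) if value else None


def parse_shadow_line(line):
    values = line.rstrip("\n").split(":")
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    entry = dict(zip(FIELDS, values))
    entry["password"] = classify_password(entry["password"])
    entry["change_date"] = days_to_date(entry["change_date"])
    entry["expiry_date"] = days_to_date(entry["expiry_date"])
    return entry


if __name__ == "__main__":
    samples = [
        "root:*:15386:0:99999:7:::",  # Ubuntu default entry quoted on the page
        "alice:$1$SPOk02ci$kM3A6Yo4vJ4VGiCTx3vDX1:16119:0:99999:7:::",  # constructed
        "bob::16119:0:99999:7:::",  # constructed: blank password field
    ]
    for sample in samples:
        e = parse_shadow_line(sample)
        print(e["username"], e["password"], e["change_date"])
```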