12.1.1 Registration
/etc/shadow contains 9 fields, each separated by a ":", in the form:
login-id:password:lastchg:min:max:warn:inactive:expire:flag
where these fields represents:
NP for no password is valid
*LK* meaning the account is locked until the superuser sets a password
A typical /etc/shadow file might be:
root:st44wfkgx33qX:::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
smtp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
nobody:NP:6445::::::
noaccess:NP:6445::::::
The shadow password file is updated using the commands:
The /etc/shadow file has specific fields to keep track of the last password change, the minimum and maximum time in days that the password is valid, the number of inactive days allowed between uses before the login ID is declared invalid, and an expiration date for the account. You can edit /etc/shadow and set these values, or use the useradd command to set limits on the account.
Sun recommends that you use the admintool or solstice utilities or the useradd command to add new users, rather than editing the passwd file. If you do edit the passwd file you'll want to use pwconv to update the passwd changes to the shadow file. The use of vipw is no longer recommended. It's included with the compatibility package, as /usr/ucb/vipw, and you can still use it, but it does not update the shadow file, though it does remind you to do so.