Shadow passwords

Shadow passwords are an extension to the original scheme of keeping all account information in a single world-readable file. Originally, the encrypted passwords (really crypt(3) hashes) for all accounts were stored in the second field of that file. Since the file has to be world-readable so that any program can look up account information (username, UID, primary GID, GECOS information, home directory and login shell), the password hashes were readable as well. Any local user could copy them off and run an offline dictionary or brute-force attack against them at leisure, with no login attempts to rate-limit or log.

An extension was developed that addressed this insecurity, and added password and account aging abilities as well. All modern *nix distributions support shadow passwords, in addition to the original method.

Aside from updating the authentication code (the PAM modules, on modern systems), the main userspace change is a second, separately protected file that holds the password hashes and aging data, plus several tools for manipulating it. Unlike the account file, the shadow file must not be world-readable (suggested mode is 600 and owner root; some distributions use 640 with a dedicated group so that unprivileged checkers can read it). Of course, this means that every program that reads or writes this file must be either setuid root or run by the root user; this includes common "user" programs such as passwd, which is exactly why such programs need careful review: a bug in a setuid program that can read and write the shadow file is a local root vulnerability.

Each line of the file holds one record, which the C library exposes through getspnam(3)/getspent(3) as the following struct (from <shadow.h>):

    struct spwd {
        char *sp_namp;             /* user login name */
        char *sp_pwdp;             /* encrypted (hashed) password */
        long int sp_lstchg;        /* last password change, days since 1970-01-01 */
        long int sp_min;           /* days until change allowed */
        long int sp_max;           /* days before change required */
        long int sp_warn;          /* days warning for expiration */
        long int sp_inact;         /* days before account inactive */
        long int sp_expire;        /* date when account expires, days since 1970-01-01 */
        unsigned long int sp_flag; /* reserved for future use */
    };

(The numeric members are long, not int, in glibc; an empty field in the file is returned as -1.)

The timing of the dates and times stored here can cause some confusion. Only sp_lstchg and sp_expire are absolute dates, expressed as days since 1970-01-01; sp_min, sp_max, sp_warn and sp_inact are day counts relative to sp_lstchg, so a password change moves all of them while sp_expire stays put. An sp_lstchg of 0 means the password must be changed at the next login, and an empty sp_lstchg disables aging for that account. The following timeline should help show when things occur:



N.B.: Because sp_expire is an absolute day count and is checked independently of the password-aging fields, the "account expire" date can occur anywhere, including before the password expiration, password last-change, and account inactive dates. Once it has passed, login is refused regardless of the state of the password.
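The following is an added example, not code from the original page: it parses constructed shadow(5) lines into a record mirroring struct spwd, derives the aging timeline described above, and decides what a login attempt on a given day would see. The sample lines, the hash strings and the user names are made up, and the use of >= at every boundary is this example's reading of the checks login performs, not a quote of any implementation.

```python
"""Parse shadow(5) lines and derive the password/account aging timeline.
Added example; the sample entries below are constructed, not real."""
import datetime as dt
from dataclasses import dataclass

EPOCH = dt.date(1970, 1, 1)   # sp_lstchg and sp_expire count days from here
UNSET = -1                    # what an empty numeric field becomes


@dataclass
class ShadowEntry:            # one member per field of struct spwd
    sp_namp: str
    sp_pwdp: str
    sp_lstchg: int
    sp_min: int
    sp_max: int
    sp_warn: int
    sp_inact: int
    sp_expire: int
    sp_flag: int


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split one colon-separated line into its nine fields; empty numeric
    fields become UNSET, as getspent(3) returns -1 for them."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}: {line!r}")
    name, pwdp, *nums = fields
    lstchg, mn, mx, warn, inact, expire, flag = (
        UNSET if f == "" else int(f) for f in nums)
    return ShadowEntry(name, pwdp, lstchg, mn, mx, warn, inact, expire, flag)


def password_state(pwdp: str) -> str:
    """Classify the second field: empty means no password is required at all,
    a leading '!' or '*' means password login is locked, else a crypt(3) hash."""
    if pwdp == "":
        return "empty"
    if pwdp.startswith(("!", "*")):
        return "locked"
    return "hashed"


def day(n: int) -> dt.date:
    return EPOCH + dt.timedelta(days=n)


def aging_timeline(e: ShadowEntry) -> dict:
    """Absolute dates implied by the entry; a key is absent when its field is unset."""
    tl = {}
    if e.sp_expire != UNSET:
        tl["account_expires"] = day(e.sp_expire)     # independent of the rest
    if e.sp_lstchg == UNSET:
        return tl                                    # aging disabled
    tl["last_change"] = day(e.sp_lstchg)
    if e.sp_min != UNSET:
        tl["change_allowed"] = day(e.sp_lstchg + e.sp_min)
    if e.sp_max != UNSET:
        tl["change_required"] = day(e.sp_lstchg + e.sp_max)
        if e.sp_warn != UNSET:
            tl["warning_starts"] = day(e.sp_lstchg + e.sp_max - e.sp_warn)
        if e.sp_inact != UNSET:
            tl["password_inactive"] = day(e.sp_lstchg + e.sp_max + e.sp_inact)
    return tl


def login_status(e: ShadowEntry, today: dt.date) -> str:
    """Outcome of a password login on `today`. Account expiry is checked first,
    so an sp_expire earlier than every password date still refuses the login."""
    t = (today - EPOCH).days
    if e.sp_expire != UNSET and t >= e.sp_expire:
        return "account_expired"
    if e.sp_lstchg == 0:
        return "must_change"                         # 0 = change at next login
    if e.sp_lstchg == UNSET or e.sp_max == UNSET:
        return "ok"                                  # no password aging
    due = e.sp_lstchg + e.sp_max
    if e.sp_inact != UNSET and t >= due + e.sp_inact:
        return "password_inactive"
    if t >= due:
        return "must_change"
    if e.sp_warn != UNSET and t >= due - e.sp_warn:
        return "warning"
    return "ok"


# Constructed sample file (hashes are placeholders, not real digests).
SAMPLE_SHADOW = """\
alice:$6$saltsalt$notarealhash:19000:7:90:14:30:19200:
bob:!$6$saltsalt$notarealhash:19000:0:99999:7::18900:
carol::19000:0:99999:7:::
"""


def audit(text: str, today: dt.date) -> dict:
    """Per-user (password state, login outcome), what a reviewer of the file wants."""
    out = {}
    for line in text.splitlines():
        e = parse_shadow_line(line)
        out[e.sp_namp] = (password_state(e.sp_pwdp), login_status(e, today))
    return out


if __name__ == "__main__":
    for name, (pw, status) in audit(SAMPLE_SHADOW, dt.date(2022, 4, 10)).items():
        print(f"{name:8} password={pw:7} login={status}")
```

Running the audit on the constructed file shows the three cases a reviewer cares about: alice's password has passed sp_max and she must change it, bob is locked and also account-expired because his sp_expire predates his last change, and carol has an empty password field, which means no password is required at all (the state `passwd -d` leaves behind).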