LinuxQuestions.org > Linux - Newbie > /etc/shadow file help needed.
(https://www.linuxquestions.org/questions/linux-newbie-8/etc-shadow-file-help-needed-839469/)

pinga123 10-21-2010 12:57 AM

/etc/shadow file help needed.
 
I was reading a security manual and got stuck at the following statements about the /etc/shadow file.

1) How would I check if lines in the /etc/shadow file are in a valid format as checked by the pwconv program?

prayag_pjs 10-21-2010 01:07 AM

Hi,

Please elaborate and let us know your exact problem.

For your information:
pwconv is a system administration command that converts unshadowed entries in /etc/passwd into shadowed entries in /etc/shadow, replacing the encrypted password in /etc/passwd with an x. Shadowing passwords keeps them safe from password-cracking programs. pwconv creates additional expiration information for the /etc/shadow file from entries in your /etc/login.defs file. If you add new entries to the /etc/passwd file, you can run pwconv again to transfer the new information to /etc/shadow. Already shadowed entries are ignored. pwunconv restores the encrypted passwords to your /etc/passwd file and removes the /etc/shadow file. Some expiration information is lost in the conversion. See also grpconv and grpunconv.

pinga123 10-21-2010 01:21 AM

Quote:

Originally Posted by prayag_pjs (Post 4134383)
Hi,

Please elaborate and let us know your exact problem.

For your information:
pwconv is a system administration command that converts unshadowed entries in /etc/passwd into shadowed entries in /etc/shadow, replacing the encrypted password in /etc/passwd with an x. Shadowing passwords keeps them safe from password-cracking programs. pwconv creates additional expiration information for the /etc/shadow file from entries in your /etc/login.defs file. If you add new entries to the /etc/passwd file, you can run pwconv again to transfer the new information to /etc/shadow. Already shadowed entries are ignored. pwunconv restores the encrypted passwords to your /etc/passwd file and removes the /etc/shadow file. Some expiration information is lost in the conversion. See also grpconv and grpunconv.

Is there any way of validating entries in the /etc/shadow file using the pwconv utility?
For example, is there any way of running the pwconv utility and making sure that the /etc/shadow file is up to date or valid?

Exact statement from the book:
Quote:

Lines in the /etc/shadow file must have a valid format either as checked by the pwconv program, or must meet the following requirements:

* 2.4.2.1 Line Format: Each line must have nine (9) colon-separated fields. There must be no blank lines (including the last line). The nine fields are interpreted as follows:

username:password:lastchg:min:max:warn:inactive:expire:flag

*Note: The first two fields must not be blank.

* 2.4.2.2 Valid User: Usernames must directly correspond to usernames which exist in /etc/passwd or in an enabled name service (e.g., LDAP, NIS) password map, and must conform to all the same rules as usernames in /etc/passwd.

* 2.4.2.3 Duplicate Usernames: There must be no duplicate usernames. Each line must contain a unique username.

* 2.4.2.4 Passwords: Passwords in /etc/shadow must be in compliance to the published AS Authentication & Password Policy published at URL:



In addition, the encrypted password stored in the 2nd (i.e. passwd) field of the shadow file must have 13-24 characters, as specified in the Linux section 5 man page for the shadow file format.

* 2.4.2.5 uid=0 Passwords: Passwords for uid=0 accounts must not be the same as those used for other accounts.

* 2.4.2.6 File Permissions: The /etc/shadow file must be owned by root and have permissions of 0400.

* 2.4.2.7 Locked Accounts: All accounts that are locked or do not require the ability to log in to the system must conform to section 3.4.1.2 of this document, along with having a single exclamation mark "!" as the first character of the 2nd (i.e. passwd) field of the shadow file entry.

I'm confused over the first line, "as checked by the pwconv program". Which option should I use for checking?
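Editor's added example (not code from the book, the forum posters, or the shadow-utils project): the "valid format" the book refers to is a per-line check, and the script below implements the quoted rules 2.4.2.1 through 2.4.2.4, 2.4.2.6 and 2.4.2.7 so each violation is reported with its rule number. On shadow-utils systems the `pwck` command performs the standard consistency check of /etc/passwd and /etc/shadow; the script is useful where you want the book's specific rules applied and the reason for each failure printed. The sample lines and usernames are constructed for the demonstration and the hash strings are placeholders. One caveat a practitioner should keep in mind: the 13-24 character length rule dates from DES and MD5 crypt hashes, so modern SHA-512 (`$6$`) hashes, which are much longer, would be flagged by rule 2.4.2.4 as quoted.

```python
"""Check /etc/shadow lines against the format rules quoted in the post above.

Added example for this page; not code from the book or from any poster.
The rule numbers in the messages refer to the quoted section 2.4.2.x.
"""
import os
import stat
import sys
from typing import Dict, List, Sequence

NUM_FIELDS = 9  # username:password:lastchg:min:max:warn:inactive:expire:flag
MIN_HASH, MAX_HASH = 13, 24  # length rule as quoted (pre-dates SHA-512 crypt)


def check_shadow(lines: Sequence[str], passwd_users: Sequence[str]) -> Dict[int, List[str]]:
    """Return {line_number: [problems]} for each offending line (1-based).

    An empty dict means every line satisfied the checked rules.
    passwd_users is the list of usernames present in /etc/passwd (or the
    name service), used for rule 2.4.2.2.
    """
    problems: Dict[int, List[str]] = {}
    known = set(passwd_users)
    seen = set()
    for num, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        if line == "":
            problems[num] = ["blank line (2.4.2.1)"]
            continue
        fields = line.split(":")
        if len(fields) != NUM_FIELDS:
            problems[num] = [f"{len(fields)} fields, expected {NUM_FIELDS} (2.4.2.1)"]
            continue
        user, pw = fields[0], fields[1]
        errs: List[str] = []
        if user == "":
            errs.append("empty username (2.4.2.1 note)")
        else:
            if user not in known:
                errs.append(f"user {user!r} not in /etc/passwd (2.4.2.2)")
            if user in seen:
                errs.append(f"duplicate username {user!r} (2.4.2.3)")
            seen.add(user)
        if pw == "":
            errs.append("empty password field (2.4.2.1 note)")
        elif pw.startswith("!"):
            pass  # locked account per 2.4.2.7; no length check applies
        elif not MIN_HASH <= len(pw) <= MAX_HASH:
            errs.append(f"password field length {len(pw)} outside {MIN_HASH}-{MAX_HASH} (2.4.2.4)")
        if errs:
            problems[num] = errs
    return problems


def permission_problems(uid: int, mode: int) -> List[str]:
    """Rule 2.4.2.6: /etc/shadow must be owned by root (uid 0) with mode 0400."""
    errs = []
    if uid != 0:
        errs.append(f"owner uid {uid}, expected 0")
    if mode != 0o400:
        errs.append(f"mode {mode:04o}, expected 0400")
    return errs


def check_permissions(path: str) -> List[str]:
    """Apply permission_problems() to a real file on disk."""
    st = os.stat(path)
    return permission_problems(st.st_uid, stat.S_IMODE(st.st_mode))


# Constructed sample data (not from any real system); the hash strings are
# placeholders of the right length, not real password hashes.
SAMPLE_PASSWD_USERS = ["root", "alice", "bob", "daemon"]
SAMPLE_SHADOW = [
    "root:abcdEFGHijklm:15000:0:99999:7:::",    # 13-char hash: passes
    "alice:!abcdEFGHijklm:15000:0:99999:7:::",  # locked with "!": passes
    "bob:abcdEFGHijklm:15000:0:99999:7::",      # only 8 fields
    "carol:abcdEFGHijklm:15000:0:99999:7:::",   # not in passwd
    "alice:abcdEFGHijklm:15000:0:99999:7:::",   # duplicate username
    "daemon:*:15000:0:99999:7:::",              # "*" is 1 char: outside 13-24
    "",                                         # blank line
]


def main(argv: List[str]) -> int:
    """Check a real shadow file (reading it needs root) or the built-in sample."""
    if len(argv) > 1:
        path = argv[1]
        with open(path) as f:
            lines = f.read().splitlines()  # a trailing newline is not a blank line
        with open("/etc/passwd") as f:
            users = [l.split(":")[0] for l in f if l.strip()]
        problems = check_shadow(lines, users)
        for msg in check_permissions(path):
            print(f"{path}: {msg}")
    else:
        problems = check_shadow(SAMPLE_SHADOW, SAMPLE_PASSWD_USERS)
    for num in sorted(problems):
        for msg in problems[num]:
            print(f"line {num}: {msg}")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the sample report (lines 3 to 7 are flagged, lines 1 and 2 pass), or as root with `python3 shadowcheck.py /etc/shadow` to check a real file; the non-zero exit status makes it usable from a cron job or audit script. Rule 2.4.2.5 (uid 0 passwords must differ from other accounts') is not checked because it cannot be decided from the hash strings alone.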

honeybadger 10-21-2010 01:58 AM

Hi there,
You can log in as root, open the shadow file and see for yourself what the file entries look like.
Is this what you are looking for?

