This file stores hashed passwords and other account and password information.
Each line in /etc/shadow is in the following format:
username:password:last_change:min_age:max_age:warning:inactivity:expiry:reserved
If the password field contains a string that is not a valid hash of the password, the user cannot log in.
This field can be empty. When it is empty, it may be possible to log in as the corresponding user without specifying a password, depending on the application that performs the authentication or the configuration of the PAM module that performs the authentication.
If the password field starts with an exclamation mark, the password is locked. The characters that follow the exclamation mark are the password hash before the password was locked.
digest is a single character that indicates which digest function was used to hash the password. The following values are currently allowed: s (sha256), S (sha512).
interations is the number of iterations to perform during key derivation. If not specified, the default value of 4096 is used.
hash is the Base64-encoded hashed password.
salt is the Base64-encoded salt value.
An empty field or 0 specifies that no wait time is required.
An empty field or a value of 0 specifies that there is no maximum number of days after which the user must change his or her password.
An empty field or a value of 0 specifies that no warning is given.
An empty field or a value of 0 specifies that the account never expires.