This section documents the current implementation of the shadow database module.

The shadow module does not make any use of the id parameter. Since the shadow database does not contain such an entry, the only way of identifying a user is with a name argument.

However, an id-based lookup is possible, if the shadow database is searched after a database that contains a user-uid mapping. In this case the "user" entry in the partially built pwdb structure is used to locate the appropriate entry in the shadow file.

The shadow module is designed to work in conjunction with a database that provides the standard user-uid mapping. It should be noted that it does not provide sufficient information to support a user login session.
Entries supported by the "user" class of the shadow module are:

  user - username
  passwd - encrypted password
  last_change - date password was last changed
  min_change - minimum period before password can be changed
  max_change - lifetime of current password
  warn_change - number of days prior to expiry that the user should be warned
  defer_change - grace period before password is finally invalid
  expire - date account expires

Entries supported by the "group" class of the shadow module are:

  group - groupname
  passwd - encrypted group password
  users - text list of user names separated by commas (members of the group)
  admins - text list of user names separated by commas (administrators of the group)
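
The lookup order described above, as an added example in Python (a model written for this page, not code from the shadow module or its library): a stage holding the user-uid mapping fills in "user", and the shadow stage then uses that entry as its key. The sample file contents, the function names and the mapping of the entry names onto shadow-file column order are assumptions.

```python
# Added illustration: a model of the lookup order, not the module's own code.
# Constructed sample data; the hash string is a placeholder.
PASSWD = "root:x:0:0:root:/root:/bin/sh\nalice:x:1001:1001:Alice:/home/alice:/bin/sh"
SHADOW = "root:!:19000:0:99999:7:::\nalice:$6$constructed$hash:19500:1:90:7:14:20000:"

# Entry names from the "user" class list; their column order is an assumption.
SHADOW_ENTRIES = ["user", "passwd", "last_change", "min_change", "max_change",
                  "warn_change", "defer_change", "expire"]


def passwd_stage(entry, name=None, uid=None):
    """Hypothetical earlier database holding the user-uid mapping."""
    for line in PASSWD.splitlines():
        fields = line.split(":")
        if fields[0] == name or (uid is not None and fields[2] == str(uid)):
            entry.update(user=fields[0], uid=int(fields[2]))
            return True
    return False


def shadow_stage(entry, name=None, uid=None):
    """Shadow lookup: uid is never used; the key is name, else entry['user']."""
    key = name if name is not None else entry.get("user")
    if key is None:
        return False  # id-only request and no earlier stage supplied a name
    for line in SHADOW.splitlines():
        fields = line.split(":")
        if fields[0] != key:
            continue
        for entry_name, value in zip(SHADOW_ENTRIES, fields):
            if entry_name in ("user", "passwd"):
                entry[entry_name] = value
            elif value:  # empty aging fields stay unset
                entry[entry_name] = int(value)
        return True
    return False


def locate(stages, name=None, uid=None):
    """Run the stages in order over one partially built entry."""
    entry = {}
    for stage in stages:
        stage(entry, name, uid)
    return entry


if __name__ == "__main__":
    print(locate([passwd_stage, shadow_stage], uid=1001))  # full entry
    print(locate([shadow_stage], uid=1001))                # nothing found
```

A name-only lookup against the shadow stage alone returns the password and aging entries but no uid, which is why the module cannot support a login session by itself.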