
4.2 Shadow module

This section documents the current implementation of the shadow database module.

The shadow module does not make any use of the id parameter. Since the shadow database does not contain such an entry, the only way of identifying a user is with a name argument. However, an id-based lookup is possible if the shadow database is searched after a database that contains a user-uid mapping. In this case the "user" entry in the partially built pwdb structure is used to locate the appropriate entry in the shadow file.

The shadow module is designed to work in conjunction with a database that provides the standard user-uid mapping. It should be noted that it does not provide sufficient information to support a user login session.

Entries supported by the "user" class of the shadow module are:

- user: username
- passwd: encrypted password
- last_change: date password was last changed
- min_change: minimum period before password can be changed
- max_change: lifetime of current password
- warn_change: number of days prior to expiry that the user should be warned
- defer_change: grace period before password is finally invalid
- expire: date account expires
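
As an added example (not libpwdb code), the C below parses one shadow-style line into the "user" class entries listed above and classifies the password-aging state for a given day, which is the check an account audit would run. It assumes the shadow(5) field order and day-count semantics (days since 1970-01-01, empty field means unset), which this page does not specify; the struct, function names and SAMPLE_LINE are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Entry names come from the list above; field order is an assumption. */
struct shadow_user {
    char user[64], passwd[128];
    long last_change, min_change, max_change, warn_change, defer_change, expire;
};
enum pw_state { PW_OK, PW_WARN, PW_MUST_CHANGE, PW_INVALID, ACCT_EXPIRED };
const char SAMPLE_LINE[] = "alice:$6$constructed$placeholder:19000:0:90:7:14:20000:"; /* constructed */

/* Parse one colon-separated line; an empty numeric field is stored as -1. */
int parse_shadow_line(const char *line, struct shadow_user *u)
{
    char buf[512], *f[8], *p = buf;
    long *num[6] = { &u->last_change, &u->min_change, &u->max_change,
                     &u->warn_change, &u->defer_change, &u->expire };
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';
    for (int i = 0; i < 8; i++) {
        char *colon = strchr(p, ':');
        f[i] = p;
        if (colon) { *colon = '\0'; p = colon + 1; }
        else if (i < 7) return -1;              /* too few fields */
    }
    if (!*f[0] || strlen(f[0]) >= sizeof u->user ||
        strlen(f[1]) >= sizeof u->passwd) return -1;
    strcpy(u->user, f[0]);
    strcpy(u->passwd, f[1]);
    for (int i = 0; i < 6; i++) {
        char *end = f[i + 2];
        *num[i] = *end ? strtol(f[i + 2], &end, 10) : -1;
        if (*end) return -1;                    /* non-numeric field */
    }
    return 0;
}

/* Classify aging on day `today`; boundaries follow shadow(5) conventions. */
enum pw_state aging_state(const struct shadow_user *u, long today)
{
    if (u->expire > 0 && today >= u->expire) return ACCT_EXPIRED;
    if (u->last_change == 0) return PW_MUST_CHANGE;   /* forced change */
    if (u->last_change < 0 || u->max_change < 0) return PW_OK; /* no aging */
    long pw_end = u->last_change + u->max_change;
    if (u->defer_change >= 0 && today >= pw_end + u->defer_change) return PW_INVALID;
    if (today >= pw_end) return PW_MUST_CHANGE;
    if (u->warn_change > 0 && today >= pw_end - u->warn_change) return PW_WARN;
    return PW_OK;
}
```
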

Entries supported by the "group" class of the shadow module are:

- group: groupname
- passwd: encrypted group password
- users: text list of user names separated by commas (members of the group)
- admins: text list of user names separated by commas (administrators of the group)

