what does 'x' in the encrypted password field in /etc/shaodw file represent?
jmcnamar:x:10607:100:Jim Mcnamara,,222 222-1234.......
The part in this record is the "password" field. This is /etc/passwd
/etc/shadow has the encrypted password and the salt.
Shadow file shouldn't have a 'x'.
Each entry in the shadow file has the form (use man -s4 shadow for man page):
username:password:lastchg:min:max:warn:inactive:expire:flag
The fields are defined as follows:
username The user's login name \(UID\).
password A 13-character encrypted password for the user,
a lock string to indicate that the login is not
accessible, or no string, which shows that there
is no password for the login.
lastchg The number of days between January 1, 1970, and
the date that the password was last modified.
min The minimum number of days required between
password changes.
max The maximum number of days the password is
valid.
warn The number of days before password expires that
the user is warned.
inactive The number of days of inactivity allowed for
that user.
expire An absolute date specifying when the login may
no longer be used.
flag Reserved for future use, set to zero. Currently
not used.
For the /etc/passwd file - see man -s4 passwd
password is an empty field. The encrypted password
for the user is in the corresponding entry
in the /etc/shadow file. pwconv(1M) relies
on a special value of 'x' in the password
field of /etc/passwd. If this value of 'x'
exists in the password field of
/etc/passwd, this indicates that the pass-
word for the user is already in /etc/shadow
and should not be modified.
Your help is much appreciated. Could you tell me in which file will you find the settings showing account lockout after XXX invalid attempts.
Also, were do you find password compexity being enabled?
Thanks