jspωiki
ShadowAccount

Overview#

An Auxiliary ObjectClass used in Approach for Using LDAP as a Network Information Services as defined in various PAM Schema Modifications.

shadowAccount attribute values v.s. /etc/shadow

:AbcDefgHijkLMnOP:13654:0:99999:7: : :0
 ---------------- ----- - ----- - - - -
       |            |   |   |   | | | └ shadowFlag
       |            |   |   |   | | └ shadowExpire
       |            |   |   |   | └ shadowInactive
       |            |   |   |   └ shadowWarning
       |            |   |   └ shadowMax
       |            |   └ shadowMin
       |            └ shadowLastChange
       └ userPassword (hashed)

Attributes#

  • shadowLastChange - Indicates the number of days between January 1, 1970 and the day when the user password was last changed. (single-valued)
  • shadowExpire - Indicates the date on which the user login will be disabled. (single-valued)
  • shadowFlag - not currently in use.
  • shadowInactive - Indicates the number of days of inactivity allowed for the user. (single-valued)
  • shadowMax - Indicates the maximum number of days for which the user password remains valid. (single-valued)
  • shadowMin - Indicates the minimum number of days required between password changes. (single-valued)
  • shadowWarning - The number of days of advance warning given to the user before the user password expires. (single-valued)

LDAP ObjectClass Definition#

The ObjectClass Type is defined as:

More Information#

There might be more information for this subject on one of the following: