mkshadow
Create entries for QNX OS shadow files
Syntax:
mkshadow -u username [-d hash] [-e expiry] [-I inactivity]
[-i iteration] [-k KDF] [-l last_change] [-m min_age]
[-o path] [-P prompt] [-p password] [-s salt]
[-u username] [-v verbosity] [-w warning] [-x max_age]
Runs on:
Linux, Microsoft Windows
Options:
- -d hash
- Hash function to use in key derivation.
Supported values: sha256, sha512 (the default).
- -e expiry
- Account expiration date. Default is no expiry (0).
Example: 2029-12-31T23:59:59
- -I inactivity
- Deactivate the account this number of days after the password expires. Not currently enforced by QNX OS.
- -i iteration
- The number of iterations of the hash function to use for key derivation. Default is 4096.
- -k KDF
- The key derivation function (KDF) to use.
Supported value: pbkdf2 (the default).
- -l last_change
- Date of last password change. The default value is the current timestamp.
Example: 2019-08-27T09:30:00
- -m min_age
- The minimum number of days users must wait after changing their password before they can change it again. Default is no minimum (0).
- -o path
- Path to output file. If not specified, data is written to stdout.
- -P prompt
- Prompt the user for the password. The examples below include an invocation that uses the prompt.
- -p password
- Password for shadow file entry. Default is an asterisk (*) character, which disables the password for the user account. Disabling the password for an account prevents anyone from logging in to that account using a password.
- -s salt
- Custom cryptographic salt. Must be 16 bytes represented in hex format. If this option is not specified, the salt is generated randomly.
Example: C53253F1E9FCC1B5A90DA6A0A3E9A11C
- -u username
- Username for shadow file entry.
- -v verbosity
- Increase verbosity.
- -w warning
- The number of days before the password expires during which users are warned that they must change it. By default, no warning is given (0).
- -x max_age
- The maximum number of days a password remains valid. Default is no maximum (0).
For information on the individual fields in a shadow file, see /etc/shadow in the QNX OS User's Guide.
Description:
The mkshadow host-side utility is used to create entries for QNX OS shadow files.
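By default, mkshadow creates a shadow file entry with the password disabled, which prevents users from logging in to the account using a password. To set the password for an account, use either -p or -P. A password given with -p is part of the command line, where it can be recorded in shell history or seen in process listings on the host; -P avoids this by prompting for the value.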
Examples:
Create a shadow file entry for the user qnxuser. Because no password options are specified, the password is disabled for this user:
mkshadow -u qnxuser
Create a shadow file entry with the password qnxuser:
mkshadow -u qnxuser -p qnxuser
Create a shadow file entry with a password that is specified by prompting the user for a value:
mkshadow -u qnxuser -P
Password:
Confirm Password:
Create a shadow file entry whose password hash is stretched to 8192 iterations (instead of the default 4096 iterations):
mkshadow -u qnxuser -p qnxuser -i 8192
Create a shadow file entry with the custom cryptographic salt 9BBA04C71AC554C5CEB08FF237BC93AB:
mkshadow -u qnxuser -p qnxuser -s 9BBA04C71AC554C5CEB08FF237BC93AB
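
What the -d, -i and -s options control, shown as an added Python example (not part of the original page and not mkshadow's own code): PBKDF2 run with the page's defaults and its example salt. The derived-key length and hex output are assumptions, the QNX shadow field encoding is not reproduced, and the password is a constructed sample.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # the page requires -s to be 16 bytes written in hex


def parse_salt(hex_salt):
    """Validate a -s style salt: exactly 16 bytes represented in hex."""
    try:
        salt = bytes.fromhex(hex_salt)
    except ValueError:
        raise ValueError("salt is not valid hex") from None
    if len(salt) != SALT_BYTES:
        raise ValueError(f"salt must be {SALT_BYTES} bytes, got {len(salt)}")
    return salt


def derive(password, hex_salt=None, iterations=4096, hash_name="sha512"):
    """PBKDF2 with the page's defaults; a random salt when none is given."""
    if hash_name not in ("sha256", "sha512"):  # values listed for -d
        raise ValueError("unsupported hash: " + hash_name)
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = parse_salt(hex_salt) if hex_salt is not None else os.urandom(SALT_BYTES)
    # Assumption: the derived key is as long as the digest (default dklen).
    key = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    return salt.hex().upper(), key.hex()


def verify(password, hex_salt, iterations, hash_name, expected_hex):
    """Re-derive from the stored parameters and compare in constant time."""
    _, got = derive(password, hex_salt, iterations, hash_name)
    return hmac.compare_digest(got, expected_hex)


if __name__ == "__main__":
    fixed = "9BBA04C71AC554C5CEB08FF237BC93AB"  # salt from the page's example
    pw = "constructed-pw"                       # constructed sample password
    a = derive(pw, fixed)
    print("fixed salt, same password, identical keys:", a == derive(pw, fixed))
    print("random salts, same password, identical keys:",
          derive(pw)[1] == derive(pw)[1])
    print("4096 vs 8192 iterations, identical keys:",
          a[1] == derive(pw, fixed, iterations=8192)[1])
    print("verify with stored parameters:", verify(pw, fixed, 4096, "sha512", a[1]))
```

Reusing one -s value for several accounts gives identical derived keys to accounts that share a password, which the default random salt avoids.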