This tutorial explains Linux “pwconv” command, options and its usage with examples.
The pwconv command creates shadow from passwd and an optionally existing shadow.
pwconv and grpconv are similiar. First, entries in the shadowed file which don’t exist in the main file are removed. Then, shadowed entries which don’t have `x’ as the password in the main file are updated. Any missing shadowed entries are added. Finally, passwords in the main file are replaced with `x’. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand.
pwconv will use the values of PASS_MIN_DAYS, PASS_MAX_DAYS, and PASS_WARN_AGE from /etc/login.defs when adding new entries to /etc/shadow.
The following configuration variables in /etc/login.defs change the behavior of pwconv:
The maximum number of days a password may be used. If the password is older than this, a password change will be forced. If not specified, -1 will be assumed (which disables the restriction).
The minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected. If not specified, -1 will be assumed (which disables the restriction).
The number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.
Sanfoundry Global Education & Learning Series – 1000 Linux Tutorials.