You may know that passwords are hashed on Linux systems, and the hashes are stored in the restricted access /etc/shadow file. But did you know that you can also determine the hash method that was used and report the number of days since a password was last changed from this file as well?
To look at a user record in the /etc/shadow file, run a command like this:
$ sudo grep nemo /etc/shadow
You should see a line that looks something like this:
Viewing and configuring password aging on Linux
In spite of how long that line is, it’s quite easy to parse. The first two fields in the lines of this colon-separated file store:
Source:: Network World – Data Center