The Shadow Password and Shadow Group Systems
Encrypted passwords must be secure from all users on the system, while leaving the remainder of the information in /etc/passwd world-readable. To do this, the encrypted password is moved to a new file that shadows the password file line for line. The file is aptly called /etc/shadow and is generally said to contain shadow passwords. Here are a couple of example lines from a shadow file:
The first two fields contain the username and the encrypted passwords. The remaining fields contain optional additional information on password aging information.