Nortel 2000 Software Reference Manual page 261

Book C Chapter 4 Utilities
When the proprietary routines are used for reading and writing files, these
files are called acp_passwd and, if enabled, acp_shadow; they are
located in the installation directory. When the native routines are used
(selected with –DNATIVEPASSWD and/or –DNATIVESHADOW),
erpcd queries the standard library routines for validating user passwords.
(The use of shadow files is selected with –DUSESHADOW for both
native and proprietary routines.)
Using the native routines allows erpcd to query NIS for user logins,
enabling nicely distributed databases; using the proprietary routines
separates this query from the host code, enabling tighter security control.
The integrated passwd form keeps both the user names/UIDs (used by ls
and other programs to translate UIDs and user names) and
one-way-encrypted passwords (using salted DES encryption) in a single
file. The passwd/shadow form places an x in place of a password in the
passwd file and saves the encrypted passwords in a separate file called
shadow.
The integrated passwd form is a Berkeley standard; the passwd/shadow
form is System V-based. The passwd/shadow form is more secure
because the permissions on the user names (which are world-readable)
and the encrypted passwords (root-readable only) can be set separately.
Additionally, the passwd/shadow form allows password aging, forcing
users to change their passwords periodically. (The convert program,
located in the erpcd directory, can change the integrated passwd form to
passwd/shadow form and vice-versa.)
Remote Annex Administrator's Guide for UNIX
Book C-243