[jll29]

The UNIX family of operating system (Unices) historically stored passwords in /etc/passwd, which was readable (but passwords were soon hashed, i.e. passed through a one-way function to obfuscate them).

Eventually, shadow passwords were introduced to have the passwords themselves stored in another place with stricter access rights (readable only by the sysadmin or their group), so even the hashed versions were inaccessible to normal souls, whereas other information traditionally kept in /etc/passwd - e.g. the user's full name - could and can still be retrieved from that file by making it widely readable - just without the passwords, which were moved to the "shadows".

See also https://en.wikipedia.org/wiki/Passwd, section "Shadow file" for more details.

[torpid]

Debian even back then did protect the passwd files appropriately out of the box, but in this server's case, they did an import from an older system where it wasn't protected, and they couldn't figure out how/bothered to convert it to shadow.

[pbhjpbhj]

I always thought the shadow was just a way to refer to a hash -- the shadow of a thing being less detailed/unique but still capable of being used for recognition.

Maybe I read Plato around the same time as I heard of it and that biased my thinking.