In order to allow users to authenticate themselves to the system, it is necessary to give certain programs read only access to the /etc/shadow. Some of the programs you may want to consider giving read access to are: login, sshd, su, and vlock. To allow the login program to read /etc/shadow, use the following ACL:
bash# lidsconf -A -s /bin/login -o /etc/shadow -j READONLY |