
Performance Management Guide


CPU-Efficient User ID Administration (The mkpasswd Command)

To improve login response time and conserve CPU time in systems with many users, the operating system can use a hashed version of the /etc/passwd file to look up user IDs. When this facility is used, the /etc/passwd file still exists, but is not used in normal processing. The hashed versions of the file are built by the mkpasswd command. If the hashed versions are not current, login processing reverts to a slow, CPU-intensive sequential search through /etc/passwd.

Prior to AIX 4.3, the command to run is mkpasswd /etc/passwd. This command creates the /etc/passwd.pag and /etc/passwd.dir files, and lookups of /etc/passwd use a hashed lookup into passwd.pag as long as this file is newer than both /etc/passwd and /etc/security/passwd. Otherwise, lookups fall back to the default behavior.

Starting with AIX 4.3, the command to run is mkpasswd -f. This command creates indexed versions of /etc/passwd, /etc/security/passwd, and /etc/security/lastlog. The files created are /etc/passwd.nm.idx, /etc/passwd.id.idx, /etc/security/passwd.idx, and /etc/security/lastlog.idx. Note that this will greatly enhance performance of applications that also need the encrypted password (such as login and any other program that needs to do password authentication).

Applications can also be changed to use alternative routines such as _getpwent() instead of getpwent(), _getpwnam_shadow(name,0) instead of getpwnam(name), or _getpwuid_shadow(uid,0) instead of getpwuid(uid) to do name/ID resolution in cases where the encrypted password is not needed. This prevents a lookup of /etc/security/passwd.

Do not edit the password files by hand, because the time stamps of the database files (.pag or .idx) will then be out of sync and the default (linear) lookup method will be used. If the passwd, mkuser, chuser, or rmuser commands (or the SMIT command equivalents, with fast paths of the same name) are used to administer user IDs, the hashed files are kept up to date automatically. If the /etc/passwd file is changed with an editor or with the pwdadm command, the hashed or index files must be rebuilt.
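
As an added example (not part of the original guide), the following shell function reports whether the index files built by mkpasswd -f are still newer than the password files they index, which is a quick check after a hand edit or a pwdadm change. It assumes each index is compared with the file it is named after, and it takes a hypothetical root-directory argument so that it can be run against a copy of the files.

```shell
#!/bin/sh
# Added example: report whether the mkpasswd -f index files are current.
# Assumption: an index counts as current only if it is newer than the file
# it indexes (the rule the guide gives for passwd.pag before AIX 4.3).

# is_newer FILE REF: true if both exist and FILE was modified after REF.
is_newer() {
    [ -f "$1" ] && [ -f "$2" ] &&
        [ -n "$(find "$1" -prune -newer "$2" 2>/dev/null)" ]
}

# check_idx ROOT: print one status line per index file under ROOT.
# Returns 0 if every index is current, 1 if any is missing or stale.
check_idx() {
    root=${1:-/}          # ROOT is a hypothetical prefix; "/" = live system
    root=${root%/}
    rc=0
    # index:source pairs (pairing inferred from the file names)
    for pair in \
        etc/passwd.nm.idx:etc/passwd \
        etc/passwd.id.idx:etc/passwd \
        etc/security/passwd.idx:etc/security/passwd
    do
        idx=$root/${pair%%:*}
        src=$root/${pair#*:}
        if [ ! -f "$idx" ]; then
            echo "MISSING $idx"; rc=1
        elif is_newer "$idx" "$src"; then
            echo "OK      $idx"
        else
            echo "STALE   $idx (not newer than $src)"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_idx.sh /    (with no argument, nothing is checked)
[ "$#" -eq 0 ] || check_idx "$1" || echo "Rebuild with: mkpasswd -f"
```

Reading /etc/security/passwd.idx requires root authority on a live system.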

Note: The mkpasswd command does not affect NIS, DCE, or LDAP user databases.

