The view pg_shadow exists for backwards compatibility: it emulates a catalog that existed in PostgreSQL before version 8.1. It shows properties of all roles that are marked as rolcanlogin in pg_authid.
The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field.
Table 48-69. pg_shadow Columns
|usesysid||oid||pg_authid.oid||ID of this user|
|usecreatedb||bool||User can create databases|
|usesuper||bool||User is a superuser|
|usecatupd||bool||User can update system catalogs. (Even a superuser cannot do this unless this column is true.)|
|userepl||bool||User can initiate streaming replication and put the system in and out of backup mode.|
|passwd||text||Password (possibly encrypted); null if none. See pg_authid for details of how encrypted passwords are stored.|
|valuntil||abstime||Password expiry time (only used for password authentication)|
|useconfig||text||Session defaults for run-time configuration variables|