/etc/gshadow contains the shadowed information for group accounts. It contains lines with the following colon-separated fields:
The group name and password fields must be filled. The encrypted password consists of characters from the 64-character alphabet a thru z, A thru Z, 0 thru 9, \. and /. Refer to crypt(3) for details on how this string is interpreted. If the password field contains some string that is not valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in, subject to pam(7).
This information supersedes any password present in /etc/group.
This file must not be readable by regular users if password security is to be maintained.
group(5), gpasswd(5), newgrp(5).