The catalog pg_shadow contains information about database users. The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field.
Chapter 17 contains detailed information about user and privilege management.
Because user identities are cluster-wide, pg_shadow is shared across all databases of a cluster: there is only one copy of pg_shadow per cluster, not one per database.
Table 41-26. pg_shadow Columns
|usesysid||int4||User ID (arbitrary number used to reference this user)|
|usecreatedb||bool||User may create databases|
|usesuper||bool||User is a superuser|
|usecatupd||bool||User may update system catalogs. (Even a superuser may not do this unless this column is true.)|
|passwd||text||Password (possibly encrypted)|
|valuntil||abstime||Password expiry time (only used for password authentication)|
|useconfig||text||Session defaults for run-time configuration variables|